CVE-2020-13434 — sqlite3 - security update · VulnScope

CVE-2020-13434

sqlite3 - security update

5.5

MEDIUM

CVSS 3.1

EPSS 0.03%

Description

SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.

How to fix CVE-2020-13434

To remediate CVE-2020-13434, upgrade the affected package to a fixed version below.

Alpine/sqlite—upgrade to 3.32.1-r0 or later
Bitnami/sqlite—upgrade to 3.32.1 or later
—upgrade to 3.32.1-1 or later
—upgrade to 3.8.7.1-1+deb8u6 or later

Is CVE-2020-13434 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (4)

from 0, < 3.32.1-r0
from 0, < 3.32.1
from 0, < 3.32.1-1
from 0, < 3.8.7.1-1+deb8u6

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.5	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References (25)