CVE-2020-13632

Description

ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.

How to fix CVE-2020-13632

To remediate CVE-2020-13632, upgrade the affected package to a fixed version below.

• Bitnami/sqlite—upgrade to 3.32.0 or later
• Debian/sqlite3—upgrade to 3.32.0-1 or later

Is CVE-2020-13632 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

• from 0, < 3.32.0
• from 0, < 3.32.0-1

CVSS scores

References (13)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2020-13632
• WEBbugs.chromium.org/p/chromium/issues/detail?id=1080459
• WEBcert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
• WEBlists.debian.org/debian-lts-announce/2020/08/msg00037.html