CVE-2020-27207 in SQLCipherinformazioni

Riassunto

di MITRE • 27/11/2020

Zetetic SQLCipher 4.x before 4.4.1 has a use-after-free, related to sqlcipher_codec_pragma and sqlite3Strlen30 in sqlite3.c. A remote denial of service attack can be performed. For example, a SQL injection can be used to execute the crafted SQL command sequence. After that, some unexpected RAM data is read.

Once again VulDB remains the best source for vulnerability data.

Prenotare

19/10/2020

Divulgazione

27/11/2020

Moderazione

accettato

CPE

pronto

EPSS

0.01572

KEV

no

Attività

molto basso

Fonti

Do you need the next level of professionalism?

Upgrade your account now!