{ "threat_severity" : "Moderate", "public_date" : "2020-05-23T00:00:00Z", "bugzilla" : { "description" : "sqlite: integer overflow in sqlite3_str_vappendf function in printf.c", "id" : "1841223", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1841223" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-190->CWE-121", "details" : [ "SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.", "An integer overflow flaw was found in the SQLite implementation of the printf() function. This flaw allows an attacker who can control the precision of floating-point conversions, to crash the application, resulting in a denial of service." ], "statement" : "This flaw did not affect the versions of SQLite as shipped with Red Hat Enterprise Linux 7 as they did not include support for the printf() function, which was introduced in a later version of the package.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2021-05-18T00:00:00Z", "advisory" : "RHSA-2021:1581", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "sqlite-0:3.26.0-13.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2021-05-18T00:00:00Z", "advisory" : "RHSA-2021:1968", "cpe" : "cpe:/a:redhat:enterprise_linux:8::crb", "package" : "mingw-binutils-0:2.30-3.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2021-05-18T00:00:00Z", "advisory" : "RHSA-2021:1968", "cpe" : "cpe:/a:redhat:enterprise_linux:8::crb", "package" : "mingw-bzip2-0:1.0.6-14.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2021-05-18T00:00:00Z", "advisory" : "RHSA-2021:1968", "cpe" : "cpe:/a:redhat:enterprise_linux:8::crb", "package" : "mingw-filesystem-0:104-2.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2021-05-18T00:00:00Z", "advisory" : "RHSA-2021:1968", "cpe" : "cpe:/a:redhat:enterprise_linux:8::crb", "package" : "mingw-sqlite-0:3.26.0.0-1.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2021-05-18T00:00:00Z", "advisory" : "RHSA-2021:1581", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "sqlite-0:3.26.0-13.el8" }, { "product_name" : "Red Hat Openshift Data Foundation 4.19", "release_date" : "2025-09-23T00:00:00Z", "advisory" : "RHSA-2025:16504", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.19::el9", "package" : "odf4/cephcsi-rhel9:sha256:4c44c079dccf8e9cbf0a1bbf295986fd496aeb0aa23ad8d324302e218f14ba8f" }, { "product_name" : "Red Hat Openshift Data Foundation 4.19", "release_date" : "2025-09-23T00:00:00Z", "advisory" : "RHSA-2025:16504", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.19::el9", "package" : "odf4/cephcsi-rhel9-operator:sha256:29fb0fd11d7a108f65416fc80abbd8bb50f64a173689e923753c01df79f531e3" }, { "product_name" : "Red Hat Openshift Data Foundation 4.19", "release_date" : "2025-09-23T00:00:00Z", "advisory" : "RHSA-2025:16504", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.19::el9", "package" : "odf4/mcg-core-rhel9:sha256:3959ddbd5e30450cd65ba2cee8bcbe66fb260d5e17d864d20da1f8532a472f58" }, { "product_name" : "Red Hat Openshift Data Foundation 4.19", "release_date" : "2025-09-23T00:00:00Z", "advisory" : "RHSA-2025:16504", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.19::el9", "package" : "odf4/mcg-rhel9-operator:sha256:37c75c349e28507c8acce4682a8f84ae5b270a2045d75288f3b499f62d3b48ee" }, { "product_name" : "Red Hat Openshift Data Foundation 4.19", "release_date" : "2025-09-23T00:00:00Z", "advisory" : "RHSA-2025:16504", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.19::el9", "package" : "odf4/ocs-client-console-rhel9:sha256:3baa5eadf2d9d389bde7e7c1ace3c7047904505c3ee7a27ffe7ad135e0ec8eb8" }, { "product_name" : "Red Hat Openshift Data Foundation 4.19", "release_date" : "2025-09-23T00:00:00Z", "advisory" : "RHSA-2025:16504", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.19::el9", "package" : "odf4/ocs-client-rhel9-operator:sha256:189525c32c30efde779dde1bc7a1310ea1845bb816cfe721081444f515c7fc14" }, { "product_name" : "Red Hat Openshift Data Foundation 4.19", "release_date" : "2025-09-23T00:00:00Z", "advisory" : "RHSA-2025:16504", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.19::el9", "package" : "odf4/ocs-metrics-exporter-rhel9:sha256:3e281be3ee1669685cc79a689b0f78c5372ee2595e845e40909389f92a5e372d" }, { "product_name" : "Red Hat Openshift Data Foundation 4.19", "release_date" : "2025-09-23T00:00:00Z", "advisory" : "RHSA-2025:16504", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.19::el9", "package" : "odf4/ocs-rhel9-operator:sha256:425707f1853128945adf7ef1590d10a46276328e8bd000e51ac709b284f6dd6d" }, { "product_name" : "Red Hat Openshift Data Foundation 4.19", "release_date" : "2025-09-23T00:00:00Z", "advisory" : "RHSA-2025:16504", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.19::el9", "package" : "odf4/odf-cli-rhel9:sha256:1fbe2505ba147fec7ddf1cc4573cbecb21e4df5cda1db6417a4639773501b6fe" }, { "product_name" : "Red Hat Openshift Data Foundation 4.19", "release_date" : "2025-09-23T00:00:00Z", "advisory" : "RHSA-2025:16504", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.19::el9", "package" : "odf4/odf-cloudnative-pg-rhel9-operator:sha256:215488e22ad4e43bfb5770a14d3b8393e4111033041a2e07221fcee9ea9f89a1" }, { "product_name" : "Red Hat Openshift Data Foundation 4.19", "release_date" : "2025-09-23T00:00:00Z", "advisory" : "RHSA-2025:16504", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.19::el9", "package" : "odf4/odf-console-rhel9:sha256:32aeeae377a7ca1463af2a9f64c069d2c02ad1340035d3ea4960518fa3d4db48" }, { "product_name" : "Red Hat Openshift Data Foundation 4.19", "release_date" : "2025-09-23T00:00:00Z", "advisory" : "RHSA-2025:16504", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.19::el9", "package" : "odf4/odf-cosi-sidecar-rhel9:sha256:245175f874c384e0845660d13519d0f38c97b9eb845930f0695fff875ca8db07" }, { "product_name" : "Red Hat Openshift Data Foundation 4.19", "release_date" : "2025-09-23T00:00:00Z", "advisory" : "RHSA-2025:16504", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.19::el9", "package" : "odf4/odf-csi-addons-rhel9-operator:sha256:07979ff44a1e9132ce0df0cfd4b151ce0ab38c91c2ccbd62daed4b7654645a02" }, { "product_name" : "Red Hat Openshift Data Foundation 4.19", "release_date" : "2025-09-23T00:00:00Z", "advisory" : "RHSA-2025:16504", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.19::el9", "package" : "odf4/odf-csi-addons-sidecar-rhel9:sha256:91a659aa4db7d9410801f8120226ea41fca011b9853457d2225433b75ea87407" }, { "product_name" : "Red Hat Openshift Data Foundation 4.19", "release_date" : "2025-09-23T00:00:00Z", "advisory" : "RHSA-2025:16504", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.19::el9", "package" : "odf4/odf-multicluster-console-rhel9:sha256:124c052e9e0ce1e51f31f5f5b5e0d5d07a3bfcd28ccaee1d35f7bac03aa26cc0" }, { "product_name" : "Red Hat Openshift Data Foundation 4.19", "release_date" : "2025-09-23T00:00:00Z", "advisory" : "RHSA-2025:16504", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.19::el9", "package" : "odf4/odf-multicluster-rhel9-operator:sha256:0bed32485cb800e3058ebcaf16b3b8b08186e21d5fe62b1b00462c6add75a791" }, { "product_name" : "Red Hat Openshift Data Foundation 4.19", "release_date" : "2025-09-23T00:00:00Z", "advisory" : "RHSA-2025:16504", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.19::el9", "package" : "odf4/odf-must-gather-rhel9:sha256:0df75543afe68ae11e7bbec2890c4cf9ea1fc9f5cfc068af7eb434c097bacc93" }, { "product_name" : "Red Hat Openshift Data Foundation 4.19", "release_date" : "2025-09-23T00:00:00Z", "advisory" : "RHSA-2025:16504", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.19::el9", "package" : "odf4/odf-rhel9-operator:sha256:86cc3b8453454137c035d0aa32e503bdcb2c3db525c29655a13570811fd03085" }, { "product_name" : "Red Hat Openshift Data Foundation 4.19", "release_date" : "2025-09-23T00:00:00Z", "advisory" : "RHSA-2025:16504", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.19::el9", "package" : "odf4/odr-rhel9-operator:sha256:0a760c412d3bbe1595b38d20f1284463f8406cb07a4e5e9958f9a1fe8642d2a0" }, { "product_name" : "Red Hat Openshift Data Foundation 4.19", "release_date" : "2025-09-23T00:00:00Z", "advisory" : "RHSA-2025:16504", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.19::el9", "package" : "odf4/rook-ceph-rhel9-operator:sha256:030161e80c9b75186b6843d08ca3173ea4c98614e9a20b434c00a1e7b535b8f7" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Out of support scope", "package_name" : "sqlite", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "sqlite", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "sqlite", "cpe" : "cpe:/o:redhat:enterprise_linux:7" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-13434\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-13434" ], "name" : "CVE-2020-13434", "csaw" : false }