{ "threat_severity" : "Moderate", "public_date" : "2020-02-21T00:00:00Z", "bugzilla" : { "description" : "sqlite: NULL pointer dereference and segmentation fault because of generated column optimizations", "id" : "1809315", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1809315" }, "cvss3" : { "cvss3_base_score" : "6.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-476", "details" : [ "In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.", "A NULL pointer dereference was found in SQLite in the way it executes select statements with column optimizations. An attacker who is able to execute SQL statements can use this flaw to crash the application." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-11-04T00:00:00Z", "advisory" : "RHSA-2020:4442", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "sqlite-0:3.26.0-11.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-11-04T00:00:00Z", "advisory" : "RHSA-2020:4442", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "sqlite-0:3.26.0-11.el8" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Out of support scope", "package_name" : "sqlite", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "sqlite", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "sqlite", "cpe" : "cpe:/o:redhat:enterprise_linux:7" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-9327\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-9327" ], "name" : "CVE-2020-9327", "csaw" : false }