CVE-2021-20227 - log back

CVE-2021-20227 edited at 05 Feb 2021 08:57:05
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Arbitrary code execution
Description
+ There is a flaw in sqlite's SELECT query functionality (src/select.c) before version 3.34.1. An attacker who is capable of running SQL queries locally on the sqlite database could cause a denial of service or possibly code execution by triggering a use-after-free.
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=1924886
+ https://sqlite.org/src/info/30a4c323650cc949
Notes
CVE-2021-20227 created at 05 Feb 2021 08:53:54