Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2021-20227 - log back

CVE-2021-20227 edited at 05 Feb 2021 08:57:05

Severity

-	Unknown
+	Medium

Remote

-	Unknown
+	Local

Type

-	Unknown
+	Arbitrary code execution

Description

+	There is a flaw in sqlite's SELECT query functionality (src/select.c) before version 3.34.1. An attacker who is capable of running SQL queries locally on the sqlite database could cause a denial of service or possibly code execution by triggering a use-after-free.

References

+	https://bugzilla.redhat.com/show_bug.cgi?id=1924886
+	https://sqlite.org/src/info/30a4c323650cc949

Notes

CVE-2021-20227 created at 05 Feb 2021 08:53:54