Main Vulnerability Database SB2021072926

SB2021072926 - SUSE update for sqlite3

Published: July 29, 2021

Security Bulletin ID SB2021072926

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Memory leak (CVE-ID: CVE-2019-20218)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due memory leak within the selectExpander() function in select.c in SQLite, caused by incorrect exception handling, related to stack unwinding. A remote attacker can trigger with ability to modify the WITH SQL query can gain access to potentially sensitive information.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2021/suse-su-202114771-1/