Описание
Zetetic SQLCipher 4.x before 4.4.3 has a NULL pointer dereferencing issue related to sqlcipher_export in crypto.c and sqlite3StrICmp in sqlite3.c. This may allow an attacker to perform a remote denial of service attack. For example, an SQL injection can be used to execute the crafted SQL command sequence, which causes a segmentation fault.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | introduced in 4.1.0 |
| devel | not-affected | introduced in 4.1.0 |
| esm-apps/bionic | not-affected | introduced in 4.1.0 |
| esm-apps/focal | not-affected | introduced in 4.1.0 |
| esm-apps/xenial | not-affected | introduced in 4.1.0 |
| esm-infra-legacy/trusty | DNE | |
| focal | not-affected | introduced in 4.1.0 |
| groovy | not-affected | introduced in 4.1.0 |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
Показывать по
Ссылки на источники
EPSS
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
Zetetic SQLCipher 4.x before 4.4.3 has a NULL pointer dereferencing issue related to sqlcipher_export in crypto.c and sqlite3StrICmp in sqlite3.c. This may allow an attacker to perform a remote denial of service attack. For example, an SQL injection can be used to execute the crafted SQL command sequence, which causes a segmentation fault.
Zetetic SQLCipher 4.x before 4.4.3 has a NULL pointer dereferencing is ...
Zetetic SQLCipher 4.x before 4.4.3 has a NULL pointer dereferencing issue related to sqlcipher_export in crypto.c and sqlite3StrICmp in sqlite3.c. This may allow an attacker to perform a remote denial of service attack. For example, an SQL injection can be used to execute the crafted SQL command sequence, which causes a segmentation fault.
EPSS
5 Medium
CVSS2
7.5 High
CVSS3