CVE-2020-13631

Publication date 27 May 2020

Last updated 24 July 2024


Ubuntu priority

CVSS 3 Severity Score

5.5 · Medium

SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.

Status

Package   Ubuntu Release     Status
sqlite    20.04 LTS focal    Ignored
sqlite    19.10 eoan         Ignored
sqlite    18.04 LTS bionic   Ignored
sqlite    16.04 LTS xenial   Ignored
sqlite    14.04 LTS trusty   Ignored
sqlite3   20.04 LTS focal    Fixed 3.31.1-4ubuntu0.1
sqlite3   19.10 eoan         Fixed 3.29.0-2ubuntu0.3
sqlite3   18.04 LTS bionic   Ignored
sqlite3   16.04 LTS xenial   Ignored
sqlite3   14.04 LTS trusty   Ignored

Notes


mdeslaur

The code changes required to backport the fix for this issue to older versions of SQLite shipped in Ubuntu stable releases are substantial and may introduce regressions. Due to the low severity of this issue, we will not be releasing a fix for Ubuntu 18.04 LTS and earlier. Marking as ignored.

Patch details

For informational purposes only. We recommend not to cherry-pick updates.

Package Patch details
sqlite3

Severity score breakdown

Parameter Value
Base score 5.5 · Medium
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact High
Availability impact None
Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
