CVE-2017-13685medium
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file.
References
http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html
http://www.securityfocus.com/bid/100521
Details
Source: MITRE
Published: 2017-08-29
Updated: 2017-08-31
Type: CWE-20
Risk Information
CVSS v2
Base Score: 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact Score: 2.9
Exploitability Score: 8.6
Severity: MEDIUM
CVSS v3
Base Score: 5.5
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Impact Score: 3.6
Exploitability Score: 1.8
Severity: MEDIUM
Vulnerable Software
Configuration 1
OR
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 126065 | Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : SQLite vulnerabilities (USN-4019-1) | Nessus | Ubuntu Local Security Checks | critical |
| 110401 | Fedora 27 : sqlite (2018-8d8f0e1643) | Nessus | Fedora Local Security Checks | high |