Zetetic SQLCipher 4.x before 4.4.1 has a use-after-free, related to sqlcipher_codec_pragma and sqlite3Strlen30 in sqlite3.c. A remote denial of service attack can be performed. For example, a SQL injection can be used to execute the crafted SQL command sequence. After that, some unexpected RAM data is read.
References
Configurations
History
No history.
Information
Published : 2020-11-26 17:15
Updated : 2024-11-21 05:20
NVD link : CVE-2020-27207
Mitre link : CVE-2020-27207
CVE.ORG link : CVE-2020-27207
JSON object : View
Products Affected
zetetic
- sqlcipher
CWE
CWE-416
Use After Free