Use After Free

CVE-2021-20227

Medium

5.5/10

Summary

A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability. This affects versions before 3.34.1

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-416 - Use After Free

Use-after-free (UaF) vulnerability occurs when the application is using a pointer to memory that has been freed. Any attempt to read/write to a buffer after it is de-allocated allows memory corruption, sensitive information exposure, and can potentially lead to arbitrary code execution.

References

Release Note
Advisory
Issue
Patch

Advisory Timeline

Published Mar 23, 2021

Use After Free

CVE-2021-20227

Summary

CWE-416 - Use After Free

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS