[QTBUG-82533] CVE-2019-19880 in SQLite3.31.1 : CVE-2020-9327 - Qt Bug Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: P1: Critical
Resolution: Done
Affects Version/s: 5.14.1
Fix Version/s: 5.12.8, 5.14.2, 5.15.0 Beta3
Component/s: SQL Support
Labels:
None

Commits:
2c1b4e37b936f64d6b52e2bc10ff97184a714b9a (qt/qtbase/5.14.2) cf925913486f83d2556308d2f9e545a36abb6fa4 (qt/qtbase/5.12)

Description

Hello

There is new vulnerability discovered in SQLite 3.31.1: CVE-2020-9327

https://nvd.nist.gov/vuln/detail/CVE-2020-9327

In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.

Could you please share your plans for fixing it in Qt?

BR/Barbara Rosinska

Attachments

Options
- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

Gerrit Reviews

For Gerrit Dashboard: QTBUG-82533
#	Subject	Branch	Project	Status	CR	V
292349,2	Fix CVE-2020-9327 in SQLite	5.12	qt/qtbase	Status: MERGED	+2	0
292841,4	Fix CVE-2020-9327 in SQLite	5.14.2	qt/qtbase	Status: MERGED	+2	0

Activity

People

Assignee:: Andy Shaw

Reporter:: Barbara Rosinska

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 26 Feb '20 14:43

Updated:: 23 Mar '20 16:12

Resolved:: 04 Mar '20 16:01

Gerrit Reviews

There are no open Gerrit changes

Show There are 2 closed Gerrit changes

Hide There are 2 closed Gerrit changes

Fix CVE-2020-9327 in SQLite: Gerrit Review:

Fix CVE-2020-9327 in SQLite: Gerrit Review: