Details
-
Type:
Bug
-
Status: Closed
-
Priority:
P1: Critical
-
Resolution: Done
-
Affects Version/s: 5.14.1
-
Fix Version/s: 5.12.8, 5.14.2, 5.15.0 Beta3
-
Component/s: SQL Support
-
Labels:None
-
Commits:2c1b4e37b936f64d6b52e2bc10ff97184a714b9a (qt/qtbase/5.14.2) cf925913486f83d2556308d2f9e545a36abb6fa4 (qt/qtbase/5.12)
Description
Hello
There is new vulnerability discovered in SQLite 3.31.1: CVE-2020-9327
https://nvd.nist.gov/vuln/detail/CVE-2020-9327
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.
Could you please share your plans for fixing it in Qt?
BR/Barbara Rosinska