Details
- Type: Bug
- Status: Closed
- Priority: P1: Critical
- Resolution: Done
- Affects Version/s: 5.14.1
- Fix Version/s: 5.12.8, 5.14.2, 5.15.0 Beta3
- Component/s: SQL Support
- Labels: None
- Commits: 2c1b4e37b936f64d6b52e2bc10ff97184a714b9a (qt/qtbase/5.14.2), cf925913486f83d2556308d2f9e545a36abb6fa4 (qt/qtbase/5.12)
Description
Hello
There is a new vulnerability discovered in SQLite 3.31.1: CVE-2020-9327
https://nvd.nist.gov/vuln/detail/CVE-2020-9327
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.
Could you please share your plans for fixing it in Qt?
BR/Barbara Rosinska
For Gerrit Dashboard: QTBUG-82533

| # | Subject | Branch | Project | Status | CR | V |
|---|---|---|---|---|---|---|
| 292349,2 | Fix CVE-2020-9327 in SQLite | 5.12 | qt/qtbase | MERGED | +2 | 0 |
| 292841,4 | Fix CVE-2020-9327 in SQLite | 5.14.2 | qt/qtbase | MERGED | +2 | 0 |