ASB-A-192606047
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-192606047.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-192606047
- Aliases
-
- A-192606047
- BIT-sqlite-2020-13871
- CVE-2020-13871
- Published
- 2021-11-01T00:00:00Z
- Modified
- 2024-08-07T19:30:06.800591Z
- Summary
- Malicious SQL statement causes a read-only use-after-free memory error.
- Details
-
In resetAccumulator of select.c, there is a possible use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/external/sqlite
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 20343.0,
"function_hash": "9583414208414743158198687778122929959"
},
"id": "ASB-A-192606047-003b81bc",
"source": "https://android.googlesource.com/platform/external/sqlite/+/201685e7989c5a890c806c408d2ffc6a003cd8d4",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "dist/sqlite3.c",
"function": "sqlite3Select"
},
"signature_type": "Function"
},
{
"digest": {
"length": 1950.0,
"function_hash": "331916474429917678620842977669099184144"
},
"id": "ASB-A-192606047-2946f736",
"source": "https://android.googlesource.com/platform/external/sqlite/+/201685e7989c5a890c806c408d2ffc6a003cd8d4",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "dist/orig/sqlite3.c",
"function": "sqlite3ColumnsFromExprList"
},
"signature_type": "Function"
},
{
"digest": {
"length": 271.0,
"function_hash": "276913520737806181320022957505775357805"
},
"id": "ASB-A-192606047-4c03e526",
"source": "https://android.googlesource.com/platform/external/sqlite/+/201685e7989c5a890c806c408d2ffc6a003cd8d4",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "dist/orig/sqlite3.c",
"function": "fts5SourceIdFunc"
},
"signature_type": "Function"
},
{
"digest": {
"length": 1950.0,
"function_hash": "331916474429917678620842977669099184144"
},
"id": "ASB-A-192606047-66eccbc5",
"source": "https://android.googlesource.com/platform/external/sqlite/+/201685e7989c5a890c806c408d2ffc6a003cd8d4",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "dist/sqlite3.c",
"function": "sqlite3ColumnsFromExprList"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"199070197837573109235156897693055841300",
"254229894017524972120709405948172853767",
"117289713787236159983045952722556725477",
"83075987026358748734830566620063112306",
"7951125864893504766005905678806805383",
"104963192835081057512602139196411208570",
"171430600765845378393951066638538628914",
"257962578340537201723776040392316058654",
"131926247557348145843231241367400661900",
"174979528478897803753253515073224595790",
"209870398122955359073428200172119955405",
"151050557461900282148771416907916700869",
"192452138068915417185948228625881482141",
"156071605387590786447646150247604637989",
"186028635102580737276515053699023068249",
"32672734626909332816955162695109279063",
"336787501190228960756609026893114263296",
"281321620965984176234404433852957354689",
"121917876313134938879789596470941777206",
"247277293272431472357093088916183137262",
"155501003580640798209743296459903212720",
"72620454220112932562903483715801679517",
"55110336105843603319763953298770415242",
"48459986241853125501561029874123365719",
"330013460199952738388137397509706555698",
"227916312026899335266338704526692135876",
"273125721437435892088513926859510148025",
"67190533239793431795105156594994158624",
"274394521767918648042752744476929774494",
"139821460379877225986311840565084910524",
"206435657768126014631598430801510681322",
"333322203081154416177587936163218910128",
"177647646310442064110094650501263765181",
"4035537528797314661689936524946104175"
]
},
"id": "ASB-A-192606047-71cb2ff7",
"source": "https://android.googlesource.com/platform/external/sqlite/+/201685e7989c5a890c806c408d2ffc6a003cd8d4",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "dist/sqlite3.c"
},
"signature_type": "Line"
},
{
"digest": {
"length": 5510.0,
"function_hash": "68185368294323549256030120146732788245"
},
"id": "ASB-A-192606047-75080585",
"source": "https://android.googlesource.com/platform/external/sqlite/+/201685e7989c5a890c806c408d2ffc6a003cd8d4",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "dist/sqlite3.c",
"function": "flattenSubquery"
},
"signature_type": "Function"
},
{
"digest": {
"length": 7286.0,
"function_hash": "316533365345574809383620359631629669570"
},
"id": "ASB-A-192606047-a7862a87",
"source": "https://android.googlesource.com/platform/external/sqlite/+/201685e7989c5a890c806c408d2ffc6a003cd8d4",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "dist/orig/sqlite3.c",
"function": "multiSelect"
},
"signature_type": "Function"
},
{
"digest": {
"length": 271.0,
"function_hash": "276913520737806181320022957505775357805"
},
"id": "ASB-A-192606047-b1bb9e76",
"source": "https://android.googlesource.com/platform/external/sqlite/+/201685e7989c5a890c806c408d2ffc6a003cd8d4",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "dist/sqlite3.c",
"function": "fts5SourceIdFunc"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"199070197837573109235156897693055841300",
"254229894017524972120709405948172853767",
"117289713787236159983045952722556725477",
"83075987026358748734830566620063112306",
"7951125864893504766005905678806805383",
"104963192835081057512602139196411208570",
"171430600765845378393951066638538628914",
"257962578340537201723776040392316058654",
"131926247557348145843231241367400661900",
"174979528478897803753253515073224595790",
"209870398122955359073428200172119955405",
"151050557461900282148771416907916700869",
"192452138068915417185948228625881482141",
"156071605387590786447646150247604637989",
"186028635102580737276515053699023068249",
"32672734626909332816955162695109279063",
"336787501190228960756609026893114263296",
"281321620965984176234404433852957354689",
"121917876313134938879789596470941777206",
"247277293272431472357093088916183137262",
"155501003580640798209743296459903212720",
"72620454220112932562903483715801679517",
"55110336105843603319763953298770415242",
"48459986241853125501561029874123365719",
"330013460199952738388137397509706555698",
"227916312026899335266338704526692135876",
"273125721437435892088513926859510148025",
"67190533239793431795105156594994158624",
"274394521767918648042752744476929774494",
"139821460379877225986311840565084910524",
"206435657768126014631598430801510681322",
"333322203081154416177587936163218910128",
"177647646310442064110094650501263765181",
"4035537528797314661689936524946104175"
]
},
"id": "ASB-A-192606047-b347892c",
"source": "https://android.googlesource.com/platform/external/sqlite/+/201685e7989c5a890c806c408d2ffc6a003cd8d4",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "dist/orig/sqlite3.c"
},
"signature_type": "Line"
},
{
"digest": {
"length": 7286.0,
"function_hash": "316533365345574809383620359631629669570"
},
"id": "ASB-A-192606047-bef77809",
"source": "https://android.googlesource.com/platform/external/sqlite/+/201685e7989c5a890c806c408d2ffc6a003cd8d4",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "dist/sqlite3.c",
"function": "multiSelect"
},
"signature_type": "Function"
},
{
"digest": {
"length": 20343.0,
"function_hash": "9583414208414743158198687778122929959"
},
"id": "ASB-A-192606047-c0765a30",
"source": "https://android.googlesource.com/platform/external/sqlite/+/201685e7989c5a890c806c408d2ffc6a003cd8d4",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "dist/orig/sqlite3.c",
"function": "sqlite3Select"
},
"signature_type": "Function"
},
{
"digest": {
"length": 5510.0,
"function_hash": "68185368294323549256030120146732788245"
},
"id": "ASB-A-192606047-fef6197b",
"source": "https://android.googlesource.com/platform/external/sqlite/+/201685e7989c5a890c806c408d2ffc6a003cd8d4",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "dist/orig/sqlite3.c",
"function": "flattenSubquery"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/external/sqlite/+/201685e7989c5a890c806c408d2ffc6a003cd8d4"
],
"spl": "2021-11-01",
"severity": "High",
"types": [
"ID"
]
}