CVE-2021-36690
Summary
| CVE | CVE-2021-36690 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-08-24 14:15:00 UTC |
| Updated | 2023-11-07 03:36:00 UTC |
| Description | ** DISPUTED ** A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Apple | iPhone OS | All | All | All | All |
| Operating System | Apple | macOS | All | All | All | All |
| Operating System | Apple | Macos13.0 | All | All | All | All |
| Operating System | Apple | Macos13.0 | 11.7 | All | All | All |
| Operating System | Apple | Mac OS X | 10.12.6 | All | All | All |
| Operating System | Apple | tvOS | All | All | All | All |
| Operating System | Apple | watchOS | All | All | All | All |
| Application | Oracle | ZFS Storage Appliance Kit | 8.8 | All | All | All |
| Application | SQLite | SQLite | 3.36.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Full Disclosure: APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13 | FULLDISC | seclists.org | |
| Oracle Critical Patch Update Advisory - January 2022 | N/A | www.oracle.com | |
| Full Disclosure: APPLE-SA-2022-10-27-13 watchOS 9 | FULLDISC | seclists.org | |
| About the security content of macOS Ventura 13 - Apple Support | CONFIRM | support.apple.com | |
| About the security content of watchOS 9 - Apple Support | CONFIRM | support.apple.com | |
| SQLite Home Page | MISC | sqlite.com | |
| About the security content of iOS 16 - Apple Support | CONFIRM | support.apple.com | |
| About the security content of tvOS 16 - Apple Support | CONFIRM | support.apple.com | |
| SQLite Forum: Segmentation fault in idxGetTableInfo | MISC | www.sqlite.org | |
| Full Disclosure: APPLE-SA-2022-10-27-3 Additional information for APPLE-SA-2022-09-12-1 iOS 16 | FULLDISC | seclists.org | |
| Full Disclosure: APPLE-SA-2022-10-24-2 macOS Ventura 13 | FULLDISC | seclists.org | |
| Full Disclosure: APPLE-SA-2022-10-27-11 tvOS 16 | FULLDISC | seclists.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 183086 Debian Security Update for sqlite3 (CVE-2021-36690)
- 198773 Ubuntu Security Notification for SQLite Vulnerability (USN-5403-1)
- 296065 Oracle Solaris 11.4 Support Repository Update (SRU) 39.107.1 Missing (CPUOCT2021)
- 591406 Siemens SIMATIC S7-1500 CPU GNU/Linux subsystem Multiple Vulnerabilities (SSB-439005, ICSA-22-104-13)
- 610446 Apple iOS 16 Security Update Missing
- 670817 EulerOS Security Update for sqlite (EulerOS-SA-2021-2697)
- 670825 EulerOS Security Update for sqlite (EulerOS-SA-2021-2722)
- 670985 EulerOS Security Update for sqlite (EulerOS-SA-2021-2644)
- 752602 SUSE Enterprise Linux Security Update for sqlite3 (SUSE-SU-2022:3307-1)
- 752612 SUSE Enterprise Linux Security Update for sqlite3 (SUSE-SU-2022:3401-1)
- 752755 SUSE Enterprise Linux Security Update for sqlite3 (SUSE-SU-2022:3307-2)
- 901961 Common Base Linux Mariner (CBL-Mariner) Security Update for sqlite (8484-1)