CVE-2021-36690

{"id": "CVE-2021-36690", "cveTags": [{"tags": ["disputed"], "sourceIdentifier": "cve@mitre.org"}], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2021-08-24T14:15:09.797", "references": [{"url": "http://seclists.org/fulldisclosure/2022/Oct/28", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2022/Oct/39", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2022/Oct/41", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2022/Oct/47", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2022/Oct/49", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://support.apple.com/kb/HT213446", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://support.apple.com/kb/HT213486", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://support.apple.com/kb/HT213487", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://support.apple.com/kb/HT213488", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.sqlite.org/forum/forumpost/718c0a8d17", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library."}, {"lang": "es", "value": "** EN DISPUTA ** Puede producirse un fallo de segmentaci\u00f3n en el componente command-line sqlite3.exe de SQLite versi\u00f3n 3.36.0 por medio de la funci\u00f3n idxGetTableInfo cuando hay una consulta SQL manipulada. NOTA: el proveedor disputa la relevancia de este informe porque un usuario de sqlite3.exe ya tiene privilegios completos (por ejemplo, se le permite intencionadamente ejecutar comandos). Este informe NO implica ning\u00fan problema en la biblioteca SQLite."}], "lastModified": "2024-08-04T01:15:46.013", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sqlite:sqlite:3.36.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A125D02-6347-4B7A-B929-5B95821AD58E"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1D9387F-63B6-41B3-8BDC-A6102EE5F1E2", "versionEndExcluding": "16.0"}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "71E032AD-F827-4944-9699-BB1E6D4233FC", "versionEndExcluding": "13.0"}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "534DED19-82FC-4E39-BFD3-F2FE5C71A66B", "versionEndExcluding": "16.0"}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "712A2CD4-6807-496A-8467-BFB138371E51", "versionEndExcluding": "9.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}