CVE-2020-27207: Use After Free

November 26, 2020 (updated December 3, 2020)

Zetetic SQLCipher has a use-after-free, related to sqlcipher_codec_pragma and sqlite3Strlen30 in sqlite3.c. A remote denial of service attack can be performed. For example, a SQL injection can be used to execute the crafted SQL command sequence. After that, some unexpected RAM data is read.

References

nvd.nist.gov/vuln/detail/CVE-2020-27207

Code Behaviors & Features

Detect and mitigate CVE-2020-27207 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →