CVE-2021-3119

SQL Injection in conan/sqlcipher

Identifier

CVE-2021-3119

Package Slug

conan/sqlcipher

Vulnerability

SQL Injection

Description

Zetetic SQLCipher has a NULL pointer dereferencing issue related to sqlcipher_export in crypto.c and sqlite3StrICmp in sqlite3.c. This may allow an attacker to perform a remote denial of service attack. For example, an SQL injection can be used to execute the crafted SQL command sequence, which causes a segmentation fault.

Affected Versions

All versions starting from 4.0 before 4.4.3

Solution

Upgrade to version 4.4.3 or above.

Last Modified

2021-03-29

source