{"id":"CVE-2021-20227","details":"A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.","aliases":["BIT-sqlite-2021-20227"],"modified":"2026-04-11T12:35:18.964365Z","published":"2021-03-23T17:15:13.747Z","database_specific":{"unresolved_ranges":[{"extracted_events":[{"introduced":"12.0.1.0"},{"last_affected":"12.0.4.0.0"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"6.0.1"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"13.4.0.0"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:enterprise_manager_for_oracle_database:13.4.0.0:*:*:*:*:*:*:*"},{"extracted_events":[{"fixed":"9.2.6.0"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"8.0.26"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"8.5.5"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:outside_in_technology:8.5.5:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"8.8"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*"}]},"references":[{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202103-04"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202210-40"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20210423-0010/"},{"type":"ADVISORY","url":"https://www.sqlite.org/releaselog/3_34_1.html"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1924886"},{"type":"FIX","url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuoct2021.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/sqlite/sqlite","events":[{"introduced":"ef215fbf3b581ef4e0273bb3932fa522af88fd7e"},{"fixed":"60405cd15cdd085745101a29112043299d439cfa"}],"database_specific":{"extracted_events":[{"introduced":"3.33.0"},{"fixed":"3.34.1"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*"}}],"versions":["version-3.33.0","version-3.34.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-20227.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}