The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of SQLite: assertion error via Table Renaming

Synthesis of the vulnerability 

An attacker can force an assertion error via Table Renaming of SQLite, in order to trigger a denial of service.
Impacted software: Oracle Communications, Solaris, SQLite.
Severity of this computer vulnerability: 1/4.
Creation date: 10/04/2020.
Références of this announce: cpujul2020, CVE-2020-11656, VIGILANCE-VUL-31996.

Description of the vulnerability 

An attacker can force an assertion error via Table Renaming of SQLite, in order to trigger a denial of service.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This computer vulnerability impacts software or systems such as Oracle Communications, Solaris, SQLite.

Our Vigil@nce team determined that the severity of this weakness bulletin is low.

The trust level is of type confirmed by the editor, with an origin of user account.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with a technician ability can exploit this weakness.

Solutions for this threat 

SQLite: patch for Table Renaming.
A patch is indicated in information sources.

Oracle Communications: CPU of July 2020.
A Critical Patch Update is available:
  https://support.oracle.com/rs?type=doc&id=2681987.1
  https://support.oracle.com/rs?type=doc&id=2682459.1
  https://support.oracle.com/rs?type=doc&id=2682014.1
  https://support.oracle.com/rs?type=doc&id=2683787.1
  https://support.oracle.com/rs?type=doc&id=2683788.1
  https://support.oracle.com/rs?type=doc&id=2683789.1
  https://support.oracle.com/rs?type=doc&id=2682045.1
  https://support.oracle.com/rs?type=doc&id=2683831.1
  https://support.oracle.com/rs?type=doc&id=2682010.1
  https://support.oracle.com/rs?type=doc&id=2683832.1
  https://support.oracle.com/rs?type=doc&id=2682500.1
  https://support.oracle.com/rs?type=doc&id=2683241.1
  https://support.oracle.com/rs?type=doc&id=2682011.1
  https://support.oracle.com/rs?type=doc&id=2683840.1
  https://support.oracle.com/rs?type=doc&id=2682018.1
  https://support.oracle.com/rs?type=doc&id=2683841.1
  https://support.oracle.com/rs?type=doc&id=2683842.1
  https://support.oracle.com/rs?type=doc&id=2683843.1
  https://support.oracle.com/rs?type=doc&id=2683845.1

Oracle Solaris: CPU of July 2020.
A Critical Patch Update is available:
  https://support.oracle.com/rs?type=doc&id=2684942.1

Oracle Solaris: patch for third party software of April 2020 v3.
A patch is available:
  https://support.oracle.com/rs?type=doc&id=1448883.1

Wind River Linux: version 10.19.45.7.
The version 10.19.45.7 is fixed:
  https://support2.windriver.com/
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides a systems vulnerabilities announce. The Vigil@nce vulnerability database contains several thousand vulnerabilities.