Search for vulnerabilities
Vulnerability details: VCID-pwp3-98u5-aaap
Vulnerability ID VCID-pwp3-98u5-aaap
Aliases CVE-2021-20223
Summary An issue was found in fts5UnicodeTokenize() in ext/fts5/fts5_tokenize.c in Sqlite. A unicode61 tokenizer configured to treat unicode "control-characters" (class Cc), was treating embedded nul characters as tokens. The issue was fixed in sqlite-3.34.0 and later.
Status Invalid
Exploitability 0.5
Weighted Severity 8.8
Risk 4.4
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
cvssv3 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-20223
Reference id Reference type URL
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20223
https://github.com/sqlite/sqlite/commit/d1d43efa4fb0f2098c0e2c5bf2e807c58d5ec05b
https://sqlite.org/src/info/b7b7bde9b7a03665
https://www.sqlite.org/forum/forumpost/09609d7e22
cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*
CVE-2021-20223 https://nvd.nist.gov/vuln/detail/CVE-2021-20223
USN-5615-1 https://usn.ubuntu.com/5615-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-20223
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2025-04-19T00:58:51.131534+00:00 NVD CVE Status Improver Improve https://cveawg.mitre.org/api/cve/CVE-2021-20223 36.0.0