CVE-2020-15358
MEDIUM 5.5; EPSS 0.08%; Published: 2020/6/27; Modified: 2026/4/28
Description
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
Affected packages (3)
- Alpine/sqlite: from 0, < 3.32.1-r1
- Bitnami/sqlite: from 0, < 3.32.3
- Debian/sqlite3: from 0, < 3.32.3-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
References (25)
- ADVISORY: https://security.alpinelinux.org/vuln/CVE-2020-15358
- ADVISORY: https://security-tracker.debian.org/tracker/CVE-2020-15358
- WEB: https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
- WEB: http://seclists.org/fulldisclosure/2020/Dec/32
- WEB: http://seclists.org/fulldisclosure/2020/Nov/19
- WEB: http://seclists.org/fulldisclosure/2020/Nov/20
- WEB: http://seclists.org/fulldisclosure/2020/Nov/22
- WEB: http://seclists.org/fulldisclosure/2021/Feb/14
- WEB: https://nvd.nist.gov/vuln/detail/CVE-2020-15358
- WEB: https://security.gentoo.org/glsa/202007-26
- WEB: https://security.netapp.com/advisory/ntap-20200709-0001/
- WEB: https://support.apple.com/kb/HT211843
- WEB: https://support.apple.com/kb/HT211844
- WEB: https://support.apple.com/kb/HT211847
- WEB: https://support.apple.com/kb/HT211850
- WEB: https://support.apple.com/kb/HT211931
- WEB: https://support.apple.com/kb/HT212147
- WEB: https://usn.ubuntu.com/4438-1/
- WEB: https://www.oracle.com/security-alerts/cpuApr2021.html
- WEB: https://www.oracle.com/security-alerts/cpuapr2022.html
- WEB: https://www.oracle.com/security-alerts/cpujan2021.html
- WEB: https://www.oracle.com/security-alerts/cpuoct2020.html
- WEB: https://www.sqlite.org/src/info/10fa79d00f8091e5
- WEB: https://www.sqlite.org/src/timeline?p=version-3.32.3&bt=version-3.32.2
- WEB: https://www.sqlite.org/src/tktview?name=8f157e8010