CVE-2020-13871
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.
SQLite versión 3.32.2, presenta un uso de la memoria previamente liberada en la función resetAccumulator en el archivo select.c porque la reescritura del árbol de análisis para funciones de ventana es demasiado tarde
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-06-06 CVE Reserved
- 2020-06-06 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2024-09-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-416: Use After Free
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html | Mailing List |
|
| https://security.netapp.com/advisory/ntap-20200619-0002 | Third Party Advisory |
|
| https://www.oracle.com/security-alerts/cpuApr2021.html | Third Party Advisory |
|
| https://www.oracle.com/security-alerts/cpujan2021.html | Third Party Advisory |
|
| URL | Date | SRC |
|---|---|---|
| https://www.sqlite.org/src/info/c8d3b9f0a750a529 | 2024-08-04 | |
| https://www.sqlite.org/src/info/cd708fa84d2aaaea | 2024-08-04 |
| URL | Date | SRC |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf | 2023-11-07 | |
| https://www.sqlite.org/src/info/79eff1d0383179c4 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sqlite Search vendor "Sqlite" | Sqlite Search vendor "Sqlite" for product "Sqlite" | 3.32.2 Search vendor "Sqlite" for product "Sqlite" and version "3.32.2" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 33 Search vendor "Fedoraproject" for product "Fedora" and version "33" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Messaging Server Search vendor "Oracle" for product "Communications Messaging Server" | 8.1 Search vendor "Oracle" for product "Communications Messaging Server" and version "8.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Network Charging And Control Search vendor "Oracle" for product "Communications Network Charging And Control" | 6.0.1 Search vendor "Oracle" for product "Communications Network Charging And Control" and version "6.0.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Network Charging And Control Search vendor "Oracle" for product "Communications Network Charging And Control" | 12.0.2 Search vendor "Oracle" for product "Communications Network Charging And Control" and version "12.0.2" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Enterprise Manager Ops Center Search vendor "Oracle" for product "Enterprise Manager Ops Center" | 12.4.0.0 Search vendor "Oracle" for product "Enterprise Manager Ops Center" and version "12.4.0.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Hyperion Infrastructure Technology Search vendor "Oracle" for product "Hyperion Infrastructure Technology" | 11.1.2.4 Search vendor "Oracle" for product "Hyperion Infrastructure Technology" and version "11.1.2.4" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Workbench Search vendor "Oracle" for product "Mysql Workbench" | <= 8.0.22 Search vendor "Oracle" for product "Mysql Workbench" and version " <= 8.0.22" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Zfs Storage Appliance Kit Search vendor "Oracle" for product "Zfs Storage Appliance Kit" | 8.8 Search vendor "Oracle" for product "Zfs Storage Appliance Kit" and version "8.8" | - |
Affected
| ||||||
| Siemens Search vendor "Siemens" | Sinec Infrastructure Network Services Search vendor "Siemens" for product "Sinec Infrastructure Network Services" | < 1.0.1.1 Search vendor "Siemens" for product "Sinec Infrastructure Network Services" and version " < 1.0.1.1" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Cloud Backup Search vendor "Netapp" for product "Cloud Backup" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Ontap Select Deploy Administration Utility Search vendor "Netapp" for product "Ontap Select Deploy Administration Utility" | - | - |
Affected
| ||||||