CVE-2020-15358
sqlite: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization in select.c
Severity Score
5.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
En SQLite versiones anteriores a 3.32.3, el archivo select.c maneja inapropiadamente la optimización query-flattener, conllevando a un desbordamiento de la pila de multiSelectOrderBy debido al uso inapropiado de las propiedades transitivas para la propagación constante
A heap buffer overflow was found in SQLite in the query flattening optimization technique. This flaw allows an attacker to execute SQL statements to crash the application, resulting in a denial of service.
Red Hat Advanced Cluster Management for Kubernetes 2.3.0 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs and security issues. Issues addressed include code execution, cross site scripting, denial of service, integer overflow, and null pointer vulnerabilities.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-06-27 CVE Reserved
- 2020-06-27 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-122: Heap-based Buffer Overflow
- CWE-787: Out-of-bounds Write
CAPEC
References (24)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/fulldisclosure/2020/Dec/32 | Mailing List |
|
| http://seclists.org/fulldisclosure/2020/Nov/19 | Mailing List |
|
| http://seclists.org/fulldisclosure/2020/Nov/20 | Mailing List |
|
| http://seclists.org/fulldisclosure/2020/Nov/22 | Mailing List |
|
| http://seclists.org/fulldisclosure/2021/Feb/14 | Mailing List |
|
| https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf | Third Party Advisory |
|
| https://security.netapp.com/advisory/ntap-20200709-0001 | Third Party Advisory |
|
| https://support.apple.com/kb/HT211843 | Third Party Advisory |
|
| https://support.apple.com/kb/HT211844 | Third Party Advisory |
|
| https://support.apple.com/kb/HT211847 | Third Party Advisory |
|
| https://support.apple.com/kb/HT211850 | Third Party Advisory |
|
| https://support.apple.com/kb/HT211931 | Third Party Advisory |
|
| https://support.apple.com/kb/HT212147 | Third Party Advisory |
|
| https://www.oracle.com/security-alerts/cpujan2021.html | Third Party Advisory |
|
| https://www.oracle.com/security-alerts/cpuoct2020.html | Third Party Advisory |
|
| URL | Date | SRC |
|---|---|---|
| https://www.sqlite.org/src/tktview?name=8f157e8010 | 2024-08-04 |
| URL | Date | SRC |
|---|---|---|
| https://www.oracle.com/security-alerts/cpuApr2021.html | 2022-05-12 | |
| https://www.oracle.com/security-alerts/cpuapr2022.html | 2022-05-12 | |
| https://www.sqlite.org/src/info/10fa79d00f8091e5 | 2022-05-12 | |
| https://www.sqlite.org/src/timeline?p=version-3.32.3&bt=version-3.32.2 | 2022-05-12 |
| URL | Date | SRC |
|---|---|---|
| https://security.gentoo.org/glsa/202007-26 | 2022-05-12 | |
| https://usn.ubuntu.com/4438-1 | 2022-05-12 | |
| https://access.redhat.com/security/cve/CVE-2020-15358 | 2021-05-18 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1851957 | 2021-05-18 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sqlite Search vendor "Sqlite" | Sqlite Search vendor "Sqlite" for product "Sqlite" | < 3.32.3 Search vendor "Sqlite" for product "Sqlite" and version " < 3.32.3" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 20.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "20.04" | lts |
Affected
| ||||||
| Apple Search vendor "Apple" | Icloud Search vendor "Apple" for product "Icloud" | < 7.21 Search vendor "Apple" for product "Icloud" and version " < 7.21" | windows |
Affected
| ||||||
| Apple Search vendor "Apple" | Ipados Search vendor "Apple" for product "Ipados" | < 14.0 Search vendor "Apple" for product "Ipados" and version " < 14.0" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | < 14.0 Search vendor "Apple" for product "Iphone Os" and version " < 14.0" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | < 11.0.1 Search vendor "Apple" for product "Macos" and version " < 11.0.1" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Tvos Search vendor "Apple" for product "Tvos" | < 14.0 Search vendor "Apple" for product "Tvos" and version " < 14.0" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Watchos Search vendor "Apple" for product "Watchos" | < 7.0 Search vendor "Apple" for product "Watchos" and version " < 7.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Cloud Native Core Policy Search vendor "Oracle" for product "Communications Cloud Native Core Policy" | 1.14.0 Search vendor "Oracle" for product "Communications Cloud Native Core Policy" and version "1.14.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Messaging Server Search vendor "Oracle" for product "Communications Messaging Server" | 8.1 Search vendor "Oracle" for product "Communications Messaging Server" and version "8.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Network Charging And Control Search vendor "Oracle" for product "Communications Network Charging And Control" | 6.0.1 Search vendor "Oracle" for product "Communications Network Charging And Control" and version "6.0.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Network Charging And Control Search vendor "Oracle" for product "Communications Network Charging And Control" | 12.0.2 Search vendor "Oracle" for product "Communications Network Charging And Control" and version "12.0.2" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Enterprise Manager Ops Center Search vendor "Oracle" for product "Enterprise Manager Ops Center" | 12.4.0.0 Search vendor "Oracle" for product "Enterprise Manager Ops Center" and version "12.4.0.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Hyperion Infrastructure Technology Search vendor "Oracle" for product "Hyperion Infrastructure Technology" | 11.1.2.4 Search vendor "Oracle" for product "Hyperion Infrastructure Technology" and version "11.1.2.4" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | <= 8.0.22 Search vendor "Oracle" for product "Mysql" and version " <= 8.0.22" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Outside In Technology Search vendor "Oracle" for product "Outside In Technology" | 8.5.4 Search vendor "Oracle" for product "Outside In Technology" and version "8.5.4" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Outside In Technology Search vendor "Oracle" for product "Outside In Technology" | 8.5.5 Search vendor "Oracle" for product "Outside In Technology" and version "8.5.5" | - |
Affected
| ||||||
| Siemens Search vendor "Siemens" | Sinec Infrastructure Network Services Search vendor "Siemens" for product "Sinec Infrastructure Network Services" | < 1.0.1.1 Search vendor "Siemens" for product "Sinec Infrastructure Network Services" and version " < 1.0.1.1" | - |
Affected
| ||||||