Unrated severityNVD Advisory· Published Jun 27, 2020· Updated Aug 4, 2024
CVE-2020-15358
CVE-2020-15358
Description
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
Affected products
1- SQLite/SQLitedescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
22- security.gentoo.org/glsa/202007-26mitrevendor-advisoryx_refsource_GENTOO
- usn.ubuntu.com/4438-1/mitrevendor-advisoryx_refsource_UBUNTU
- seclists.org/fulldisclosure/2020/Dec/32mitremailing-listx_refsource_FULLDISC
- seclists.org/fulldisclosure/2020/Nov/19mitremailing-listx_refsource_FULLDISC
- seclists.org/fulldisclosure/2020/Nov/20mitremailing-listx_refsource_FULLDISC
- seclists.org/fulldisclosure/2020/Nov/22mitremailing-listx_refsource_FULLDISC
- seclists.org/fulldisclosure/2021/Feb/14mitremailing-listx_refsource_FULLDISC
- cert-portal.siemens.com/productcert/pdf/ssa-389290.pdfmitrex_refsource_CONFIRM
- security.netapp.com/advisory/ntap-20200709-0001/mitrex_refsource_CONFIRM
- support.apple.com/kb/HT211843mitrex_refsource_CONFIRM
- support.apple.com/kb/HT211844mitrex_refsource_CONFIRM
- support.apple.com/kb/HT211847mitrex_refsource_CONFIRM
- support.apple.com/kb/HT211850mitrex_refsource_CONFIRM
- support.apple.com/kb/HT211931mitrex_refsource_CONFIRM
- support.apple.com/kb/HT212147mitrex_refsource_CONFIRM
- www.oracle.com/security-alerts/cpuApr2021.htmlmitrex_refsource_MISC
- www.oracle.com/security-alerts/cpuapr2022.htmlmitrex_refsource_MISC
- www.oracle.com/security-alerts/cpujan2021.htmlmitrex_refsource_MISC
- www.oracle.com/security-alerts/cpuoct2020.htmlmitrex_refsource_MISC
- www.sqlite.org/src/info/10fa79d00f8091e5mitrex_refsource_MISC
- www.sqlite.org/src/timelinemitrex_refsource_MISC
- www.sqlite.org/src/tktviewmitrex_refsource_MISC
News mentions
1- ABB B&R Automation StudioCISA ICS Advisories