Unrated severityNVD Advisory· Published Jun 27, 2020· Updated Aug 4, 2024
CVE-2020-15358
CVE-2020-15358
Description
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
42- SQLite/SQLitedescription
- osv-coords40 versionspkg:apk/chainguard/mysql-8.0pkg:apk/chainguard/mysql-8.0-bitnami-compatpkg:apk/chainguard/mysql-8.0-clientpkg:apk/chainguard/mysql-8.0-devpkg:apk/chainguard/mysql-8.0-iamguarded-compatpkg:apk/chainguard/mysql-8.0-oci-entrypointpkg:apk/chainguard/mysql-8.0-oci-entrypoint-compatpkg:bitnami/sqlitepkg:rpm/opensuse/sqlite3&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/sqlite3&distro=openSUSE%20Leap%2015.3pkg:rpm/suse/sqlite3&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/sqlite3&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Micro%205.0pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/sqlite3&distro=SUSE%20Manager%20Proxy%204.0pkg:rpm/suse/sqlite3&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.0pkg:rpm/suse/sqlite3&distro=SUSE%20Manager%20Server%204.0pkg:rpm/suse/sqlite3&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/sqlite3&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/sqlite3&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/sqlite3&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 8.0.38-r0+ 39 more
- (no CPE)range: < 8.0.38-r0
- (no CPE)range: < 8.0.38-r0
- (no CPE)range: < 8.0.38-r0
- (no CPE)range: < 8.0.38-r0
- (no CPE)range: < 8.0.38-r0
- (no CPE)range: < 8.0.38-r0
- (no CPE)range: < 8.0.38-r0
- (no CPE)range: < 3.32.3
- (no CPE)range: < 3.36.0-lp152.4.3.1
- (no CPE)range: < 3.36.0-3.12.1
- (no CPE)range: < 3.36.0-9.18.1
- (no CPE)range: < 3.36.0-3.12.1
- (no CPE)range: < 3.36.0-3.12.1
- (no CPE)range: < 3.36.0-3.12.1
- (no CPE)range: < 3.36.0-3.12.1
- (no CPE)range: < 3.36.0-3.12.1
- (no CPE)range: < 3.36.0-3.12.1
- (no CPE)range: < 3.36.0-3.12.1
- (no CPE)range: < 3.36.0-3.12.1
- (no CPE)range: < 3.36.0-9.18.1
- (no CPE)range: < 3.36.0-9.18.1
- (no CPE)range: < 3.36.0-9.18.1
- (no CPE)range: < 3.36.0-9.18.1
- (no CPE)range: < 3.36.0-9.18.1
- (no CPE)range: < 3.36.0-3.12.1
- (no CPE)range: < 3.36.0-3.12.1
- (no CPE)range: < 3.36.0-3.12.1
- (no CPE)range: < 3.36.0-9.18.1
- (no CPE)range: < 3.36.0-9.18.1
- (no CPE)range: < 3.36.0-9.18.1
- (no CPE)range: < 3.36.0-3.12.1
- (no CPE)range: < 3.36.0-3.12.1
- (no CPE)range: < 3.36.0-9.18.1
- (no CPE)range: < 3.36.0-3.12.1
- (no CPE)range: < 3.36.0-3.12.1
- (no CPE)range: < 3.36.0-3.12.1
- (no CPE)range: < 3.36.0-9.18.1
- (no CPE)range: < 3.36.0-9.18.1
- (no CPE)range: < 3.36.0-9.18.1
- (no CPE)range: < 3.36.0-9.18.1
Patches
Vulnerability mechanics
References
22- security.gentoo.org/glsa/202007-26mitrevendor-advisoryx_refsource_GENTOO
- usn.ubuntu.com/4438-1/mitrevendor-advisoryx_refsource_UBUNTU
- seclists.org/fulldisclosure/2020/Dec/32mitremailing-listx_refsource_FULLDISC
- seclists.org/fulldisclosure/2020/Nov/19mitremailing-listx_refsource_FULLDISC
- seclists.org/fulldisclosure/2020/Nov/20mitremailing-listx_refsource_FULLDISC
- seclists.org/fulldisclosure/2020/Nov/22mitremailing-listx_refsource_FULLDISC
- seclists.org/fulldisclosure/2021/Feb/14mitremailing-listx_refsource_FULLDISC
- cert-portal.siemens.com/productcert/pdf/ssa-389290.pdfmitrex_refsource_CONFIRM
- security.netapp.com/advisory/ntap-20200709-0001/mitrex_refsource_CONFIRM
- support.apple.com/kb/HT211843mitrex_refsource_CONFIRM
- support.apple.com/kb/HT211844mitrex_refsource_CONFIRM
- support.apple.com/kb/HT211847mitrex_refsource_CONFIRM
- support.apple.com/kb/HT211850mitrex_refsource_CONFIRM
- support.apple.com/kb/HT211931mitrex_refsource_CONFIRM
- support.apple.com/kb/HT212147mitrex_refsource_CONFIRM
- www.oracle.com/security-alerts/cpuApr2021.htmlmitrex_refsource_MISC
- www.oracle.com/security-alerts/cpuapr2022.htmlmitrex_refsource_MISC
- www.oracle.com/security-alerts/cpujan2021.htmlmitrex_refsource_MISC
- www.oracle.com/security-alerts/cpuoct2020.htmlmitrex_refsource_MISC
- www.sqlite.org/src/info/10fa79d00f8091e5mitrex_refsource_MISC
- www.sqlite.org/src/timelinemitrex_refsource_MISC
- www.sqlite.org/src/tktviewmitrex_refsource_MISC
News mentions
1- ABB B&R Automation StudioCISA ICS Advisories