CVE-2020-11655

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.

References

https://www3.sqlite.org/cgi/src/info/4a302b42c7bf5e11

https://www3.sqlite.org/cgi/src/tktview?name=af4556bb5c

https://security.netapp.com/advisory/ntap-20200416-0001/

https://lists.debian.org/debian-lts-announce/2020/05/msg00006.html

https://usn.ubuntu.com/4394-1/

https://www.oracle.com/security-alerts/cpujul2020.html

https://security.gentoo.org/glsa/202007-26

https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc

https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html

https://www.oracle.com/security-alerts/cpuoct2020.html

https://www.oracle.com/security-alerts/cpujan2021.html

https://www.oracle.com/security-alerts/cpuApr2021.html

Details

Source: MITRE

Published: 2020-04-09

Updated: 2021-07-22

Type: CWE-665

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:* versions up to 3.31.1 (inclusive)

Configuration 2

OR

cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*

Configuration 5

OR

cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:* versions from 8.2.0 to 8.2.2 (inclusive)

cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:* versions from 12.0.0 to 12.0.3 (inclusive)

cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:* versions from 8.2.0 to 8.2.2 (inclusive)

cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:* versions from 8.2.0 to 8.2.2 (inclusive)

cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.1.2.4:*:*:*:*:*:*:*

cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions from 8.0.0 to 8.0.22 (inclusive)

cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*

Tenable Plugins

View all (12 total)

IDNameProductFamilySeverity
152986Tenable SecurityCenter < 5.19.0 Multiple Vulnerabilities (TNS-2021-14)NessusMisc.
high
151985Tenable.sc < 5.19.0 Multiple Vulnerabilities (TNS-2021-14) (deprecated)NessusMisc.
high
148357Photon OS 4.0: Mysql PHSA-2021-4.0-0007NessusPhotonOS Local Security Checks
high
138949GLSA-202007-26 : SQLite: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
137800EulerOS Virtualization for ARM 64 3.0.6.0 : sqlite (EulerOS-SA-2020-1693)NessusHuawei Local Security Checks
high
137439FreeBSD : several security issues in sqlite3 (c4ac9c79-ab37-11ea-8b5e-b42e99a1b9c3)NessusFreeBSD Local Security Checks
high
137353Ubuntu 16.04 LTS / 18.04 LTS / 19.10 / 20.04 : SQLite vulnerabilities (USN-4394-1)NessusUbuntu Local Security Checks
high
136368Debian DLA-2203-1 : sqlite3 security updateNessusDebian Local Security Checks
high
136037Photon OS 1.0: Sqlite PHSA-2020-1.0-0289NessusPhotonOS Local Security Checks
critical
135907Photon OS 2.0: Sqlite PHSA-2020-2.0-0231NessusPhotonOS Local Security Checks
critical
135778Photon OS 3.0: Sqlite PHSA-2020-3.0-0081NessusPhotonOS Local Security Checks
critical
135745EulerOS 2.0 SP8 : sqlite (EulerOS-SA-2020-1512)NessusHuawei Local Security Checks
high