CVE-2020-15358medium
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
References
https://www.sqlite.org/src/info/10fa79d00f8091e5
https://www.sqlite.org/src/timeline?p=version-3.32.3&bt=version-3.32.2
https://www.sqlite.org/src/tktview?name=8f157e8010
https://security.netapp.com/advisory/ntap-20200709-0001/
https://security.gentoo.org/glsa/202007-26
https://usn.ubuntu.com/4438-1/
https://www.oracle.com/security-alerts/cpuoct2020.html
https://support.apple.com/kb/HT211931
https://support.apple.com/kb/HT211844
https://support.apple.com/kb/HT211850
https://support.apple.com/kb/HT211843
https://support.apple.com/kb/HT211847
http://seclists.org/fulldisclosure/2020/Nov/19
http://seclists.org/fulldisclosure/2020/Nov/22
http://seclists.org/fulldisclosure/2020/Nov/20
http://seclists.org/fulldisclosure/2020/Dec/32
https://www.oracle.com/security-alerts/cpujan2021.html
https://support.apple.com/kb/HT212147
Details
Source: MITRE
Published: 2020-06-27
Updated: 2021-09-22
Type: CWE-787
Risk Information
CVSS v2
Base Score: 2.1
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Impact Score: 2.9
Exploitability Score: 3.9
Severity: LOW
CVSS v3
Base Score: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Impact Score: 3.6
Exploitability Score: 1.8
Severity: MEDIUM
Vulnerable Software
Configuration 1
OR
Configuration 2
OR
Configuration 3
OR
cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Configuration 4
OR
cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions up to 8.0.22 (inclusive)
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 153643 | SUSE SLED12 / SLES12 Security Update : sqlite3 (SUSE-SU-2021:3215-1) | Nessus | SuSE Local Security Checks | critical |
| 152986 | Tenable SecurityCenter < 5.19.0 Multiple Vulnerabilities (TNS-2021-14) | Nessus | Misc. | high |
| 151985 | Tenable.sc < 5.19.0 Multiple Vulnerabilities (TNS-2021-14) (deprecated) | Nessus | Misc. | high |
| 151816 | openSUSE 15 Security Update : sqlite3 (openSUSE-SU-2021:1058-1) | Nessus | SuSE Local Security Checks | critical |
| 151748 | openSUSE 15 Security Update : sqlite3 (openSUSE-SU-2021:2320-1) | Nessus | SuSE Local Security Checks | critical |
| 151654 | SUSE SLED15 / SLES15 Security Update : sqlite3 (SUSE-SU-2021:2320-1) | Nessus | SuSE Local Security Checks | critical |
| 149928 | Oracle Linux 8 : sqlite (ELSA-2021-1581) | Nessus | Oracle Linux Local Security Checks | medium |
| 149732 | CentOS 8 : sqlite (CESA-2021:1581) | Nessus | CentOS Local Security Checks | medium |
| 149677 | RHEL 8 : sqlite (RHSA-2021:1581) | Nessus | Red Hat Local Security Checks | medium |
| 148357 | Photon OS 4.0: Mysql PHSA-2021-4.0-0007 | Nessus | PhotonOS Local Security Checks | high |
| 147482 | EulerOS Virtualization 2.9.1 : sqlite (EulerOS-SA-2021-1626) | Nessus | Huawei Local Security Checks | high |
| 146086 | macOS 10.14.x < 10.14.6 Security Update 2021-001 / 10.15.x < 10.15.7 Security Update 2021-001 / macOS 11.x < 11.2 (HT212147) | Nessus | MacOS X Local Security Checks | high |
| 143115 | macOS 11.0.x < 11.0.1 | Nessus | MacOS X Local Security Checks | high |
| 140011 | EulerOS Virtualization for ARM 64 3.0.6.0 : sqlite (EulerOS-SA-2020-1908) | Nessus | Huawei Local Security Checks | medium |
| 139157 | EulerOS 2.0 SP8 : sqlite (EulerOS-SA-2020-1827) | Nessus | Huawei Local Security Checks | high |
| 139026 | Ubuntu 20.04 : SQLite vulnerability (USN-4438-1) | Nessus | Ubuntu Local Security Checks | medium |
| 138949 | GLSA-202007-26 : SQLite: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 138521 | Photon OS 3.0: Sqlite PHSA-2020-3.0-0113 | Nessus | PhotonOS Local Security Checks | medium |
| 138518 | Photon OS 1.0: Sqlite PHSA-2020-1.0-0308 | Nessus | PhotonOS Local Security Checks | medium |
| 138515 | Photon OS 2.0: Sqlite PHSA-2020-2.0-0261 | Nessus | PhotonOS Local Security Checks | medium |