CVE-2020-15358

Exploit

EPSS 0.04%
Published 27.06.2020 12:15:11
Last modified 21.11.2024 05:05:24
Source cve@mitre.org
Teams watchlist Login
Open Login

In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.

Affected products Warnungen 0 Metrics 3 CWE 1 References 25

Data is provided by the National Vulnerability Database (NVD)

Sqlite ≫ Sqlite Version < 3.32.3

Canonical ≫ Ubuntu Linux Version20.04 SwEditionlts

Apple ≫ iCloud SwPlatformwindows Version < 7.21

Apple ≫ iPadOS Version < 14.0

Apple ≫ iPhone OS Version < 14.0

Apple ≫ macOS Version < 11.0.1

Apple ≫ tvOS Version < 14.0

Apple ≫ watchOS Version < 7.0

Oracle ≫ Communications Cloud Native Core Policy Version1.14.0

Oracle ≫ Communications Messaging Server Version8.1

Oracle ≫ Communications Network Charging And Control Version6.0.1

Oracle ≫ Communications Network Charging And Control Version12.0.2

Oracle ≫ Enterprise Manager Ops Center Version12.4.0.0

Oracle ≫ Hyperion Infrastructure Technology Version11.1.2.4

Oracle ≫ Mysql Version <= 8.0.22

Oracle ≫ Outside In Technology Version8.5.4

Oracle ≫ Outside In Technology Version8.5.5

Siemens ≫ Sinec Infrastructure Network Services Version < 1.0.1.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.106

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:N/I:N/A:P

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://www.oracle.com/security-alerts/cpujan2021.html

Third Party Advisory

https://www.oracle.com/security-alerts/cpuapr2022.html

Patch

Third Party Advisory

https://www.oracle.com/security-alerts/cpuoct2020.html

Third Party Advisory

https://www.oracle.com/security-alerts/cpuApr2021.html

Patch

Third Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

Third Party Advisory

http://seclists.org/fulldisclosure/2020/Dec/32

Third Party Advisory

Mailing List

http://seclists.org/fulldisclosure/2020/Nov/20

Third Party Advisory

Mailing List

https://support.apple.com/kb/HT211850

Third Party Advisory

https://support.apple.com/kb/HT211931

Third Party Advisory

https://security.gentoo.org/glsa/202007-26

Third Party Advisory

http://seclists.org/fulldisclosure/2020/Nov/19

Third Party Advisory

Mailing List

http://seclists.org/fulldisclosure/2020/Nov/22

Third Party Advisory

Mailing List

https://support.apple.com/kb/HT211843

Third Party Advisory

https://support.apple.com/kb/HT211844

Third Party Advisory

http://seclists.org/fulldisclosure/2021/Feb/14

Third Party Advisory

Mailing List

https://support.apple.com/kb/HT212147

Third Party Advisory

https://security.netapp.com/advisory/ntap-20200709-0001/

Third Party Advisory

https://support.apple.com/kb/HT211847

Third Party Advisory

https://usn.ubuntu.com/4438-1/

Third Party Advisory

https://www.sqlite.org/src/info/10fa79d00f8091e5

Patch

Vendor Advisory

https://www.sqlite.org/src/timeline?p=version-3.32.3&bt=version-3.32.2

Patch

Vendor Advisory

https://www.sqlite.org/src/tktview?name=8f157e8010

Vendor Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2020-15358

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-15358

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-15358

EUVD