CVE-2020-15358

Name
CVE-2020-15358
Description
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Patch https://www.sqlite.org/src/info/10fa79d00f8091e5
Patch https://www.sqlite.org/src/timeline?p=version-3.32.3&bt=version-3.32.2
Exploit https://www.sqlite.org/src/tktview?name=8f157e8010
Third Party Advisory https://security.netapp.com/advisory/ntap-20200709-0001/
Third Party Advisory https://security.gentoo.org/glsa/202007-26
Third Party Advisory https://usn.ubuntu.com/4438-1/
Third Party Advisory https://www.oracle.com/security-alerts/cpuoct2020.html
Third Party Advisory https://support.apple.com/kb/HT211931
Third Party Advisory https://support.apple.com/kb/HT211844
Third Party Advisory https://support.apple.com/kb/HT211850
Third Party Advisory https://support.apple.com/kb/HT211843
Third Party Advisory https://support.apple.com/kb/HT211847
Mailing List http://seclists.org/fulldisclosure/2020/Nov/19
Mailing List http://seclists.org/fulldisclosure/2020/Nov/22
Mailing List http://seclists.org/fulldisclosure/2020/Nov/20
Mailing List http://seclists.org/fulldisclosure/2020/Dec/32
Third Party Advisory https://www.oracle.com/security-alerts/cpujan2021.html
Third Party Advisory https://support.apple.com/kb/HT212147
Mailing List http://seclists.org/fulldisclosure/2021/Feb/14
MISC https://www.oracle.com/security-alerts/cpuApr2021.html

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:* sqlite >= None < 3.32.3

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
sqlite 3.11-main 3.30.1-r2 Carlo Landmeter <clandmeter@gmail.com> possibly vulnerable
sqlite 3.10-main 3.28.0-r3 Carlo Landmeter <clandmeter@gmail.com> possibly vulnerable
sqlite 3.12-main 3.32.1-r1 Carlo Landmeter <clandmeter@gmail.com> fixed