Lucene search

[email protected]CVE-2020-11655

HistoryApr 09, 2020 - 3:15 a.m.

CVE-2020-11655

2020-04-0903:15:11

CWE-665

[email protected]

web.nvd.nist.gov

224

sqlite

3.31.1

denial of service

segmentation fault

agginfo

cve-2020-11655

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.9 High

AI Score

Confidence

High

0.016 Low

EPSS

Percentile

87.7%

JSON

SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object’s initialization is mishandled.

Affected configurations

NVD

Node

sqlitesqliteRange≤3.31.1

Node

netappontap_select_deploy_administration_utilityMatch-

Node

debiandebian_linuxMatch8.0

debiandebian_linuxMatch9.0

Node

canonicalubuntu_linuxMatch16.04lts

canonicalubuntu_linuxMatch18.04lts

canonicalubuntu_linuxMatch19.10

canonicalubuntu_linuxMatch20.04lts

Node

oraclecommunications_element_managerRange8.2.0–8.2.2

oraclecommunications_network_charging_and_controlRange12.0.0–12.0.3

oraclecommunications_network_charging_and_controlMatch6.0.1

oraclecommunications_network_charging_and_controlMatch12.0.2

oraclecommunications_session_report_managerRange8.2.0–8.2.2

oraclecommunications_session_route_managerRange8.2.0–8.2.2

oracleenterprise_manager_ops_centerMatch12.4.0.0

oraclehyperion_infrastructure_technologyMatch11.1.2.4

oracleinstantis_enterprisetrackMatch17.1

oracleinstantis_enterprisetrackMatch17.2

oracleinstantis_enterprisetrackMatch17.3

oraclemysqlRange8.0.0–8.0.22

oraclemysql_workbenchRange≤8.0.22

oracleoutside_in_technologyMatch8.5.4

oracleoutside_in_technologyMatch8.5.5

oraclezfs_storage_appliance_kitMatch8.8

oraclecommunications_messaging_serverMatch8.1

Node

siemenssinec_infrastructure_network_servicesRange<1.0.1.1

Node

tenabletenable.scRange<5.19.0

CPENameOperatorVersion
sqlite:sqlitesqlitele3.31.1

CPE	Name	Operator	Version
sqlite:sqlite	sqlite	le	3.31.1

References

cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

lists.debian.org/debian-lts-announce/2020/05/msg00006.html

lists.debian.org/debian-lts-announce/2020/08/msg00037.html

security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc

security.gentoo.org/glsa/202007-26

security.netapp.com/advisory/ntap-20200416-0001/

usn.ubuntu.com/4394-1/

www.oracle.com/security-alerts/cpuApr2021.html

www.oracle.com/security-alerts/cpujan2021.html

www.oracle.com/security-alerts/cpujul2020.html

www.oracle.com/security-alerts/cpuoct2020.html

www.tenable.com/security/tns-2021-14

www3.sqlite.org/cgi/src/info/4a302b42c7bf5e11

www3.sqlite.org/cgi/src/tktview?name=af4556bb5c

Social References

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.9 High

AI Score

Confidence

High

0.016 Low

EPSS

Percentile

87.7%

JSON

CVE-2020-11655

Affected configurations

References

Social References

Related