History: Jun 27, 2020 - 12:15 p.m.

CVE-2020-15358

2020-06-27 12:15:11
CWE-787
mitre
web.nvd.nist.gov
Tags: sqlite, cve-2020-15358, select.c, query-flattener optimization, heap overflow, nvd, security, vulnerability

CVSS2: 2.1

  Attack Vector: LOCAL
  Attack Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: NONE
  Integrity Impact: NONE
  Availability Impact: PARTIAL

  AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS3: 5.5

  Attack Vector: LOCAL
  Attack Complexity: LOW
  Privileges Required: LOW
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: NONE
  Integrity Impact: NONE
  Availability Impact: HIGH

  CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score: 6.8
Confidence: High

EPSS: 0.002
Percentile: 52.4%

In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.

Affected configurations

Nvd

Node
  sqlite sqlite, Range <3.32.3
Node
  canonical ubuntu_linux, Match 20.04 lts
Node
  apple icloud, Range <7.21 windows
  OR
  apple ipados, Range <14.0
  OR
  apple iphone_os, Range <14.0
  OR
  apple macos, Range <11.0.1
  OR
  apple tvos, Range <14.0
  OR
  apple watchos, Range <7.0
Node
  oracle communications_cloud_native_core_policy, Match 1.14.0
  OR
  oracle communications_messaging_server, Match 8.1
  OR
  oracle communications_network_charging_and_control, Match 6.0.1
  OR
  oracle communications_network_charging_and_control, Match 12.0.2
  OR
  oracle enterprise_manager_ops_center, Match 12.4.0.0
  OR
  oracle hyperion_infrastructure_technology, Match 11.1.2.4
  OR
  oracle mysql, Range ≤8.0.22
  OR
  oracle outside_in_technology, Match 8.5.4
  OR
  oracle outside_in_technology, Match 8.5.5
Node
  siemens sinec_infrastructure_network_services, Range <1.0.1.1
