In SQLite before 3.32.3 select.c mishandles query-flattener optimization leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.

🗓️ 11 Feb 2021 00:00:00Reported by MicrosoftType

SQLite before 3.32.3 mishandles query flattening, causing heap overflow in multiSelectOrderBy due to faulty constant propagation.

Reporter	Title	Published	Views	Family All 197
IBM Security Bulletins	Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to several CVEs	19 Oct 202115:38	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar Data Synchronization App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities	31 May 202214:57	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities fixed in IBM Security Verify Access	7 Jan 202200:24	–	ibm
IBM Security Bulletins	Security Bulletin: A vulnerability was identified and remediated in the IBM MaaS360 Cloud Extender (CVE-2020-15358)	13 Jan 202118:05	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM Application Framework Base Image is vulnerable to using components with Known Vulnerabilities	3 Dec 202118:52	–	ibm
IBM Security Bulletins	Security Bulletin: A vulneraqbility in SQLite affects IBM Cloud Application Performance Managment R esponse Time Monitoring Agent (CVE-2020-15358)	22 Sep 202002:34	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities	2 Feb 202105:06	–	ibm
IBM Security Bulletins	Security Bulletin: WML CE: TensorFlow: In SQLite before 3.32.3, select.c mishandles query-flattener optimization	20 Jul 202020:12	–	ibm
Tenable Nessus	Alibaba Cloud Linux 3 : 0111: sqlite (ALINUX3-SA-2022:0111)	14 May 202500:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0121: mingw packages (ALINUX3-SA-2022:0121)	14 May 202500:00	–	nessus

Vulners

Node

11 Feb 2021 00:00Current

7High risk

Vulners AI Score7

CVSS 22.1

CVSS 3.15.5

EPSS0.00076