VDB
BIT-sqlite-2020-15358
BIT-sqlite-2020-15358
PUBLISHED
CVSS 5.5 MEDIUM
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
Risk Scores
CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | sqlite | 0, 0, 0 |
Timeline
- Mar 6, 2024 CVE Published
- Apr 3, 2025 CVE Updated
References
- http://seclists.org/fulldisclosure/2020/Dec/32 url
- http://seclists.org/fulldisclosure/2020/Nov/19 url
- http://seclists.org/fulldisclosure/2020/Nov/20 url
- http://seclists.org/fulldisclosure/2020/Nov/22 url
- http://seclists.org/fulldisclosure/2021/Feb/14 url
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf url
- https://security.gentoo.org/glsa/202007-26 url
- https://security.netapp.com/advisory/ntap-20200709-0001/ url
- https://support.apple.com/kb/HT211843 url
- https://support.apple.com/kb/HT211844 url
- https://support.apple.com/kb/HT211847 url
- https://support.apple.com/kb/HT211850 url
- https://support.apple.com/kb/HT211931 url
- https://support.apple.com/kb/HT212147 url
- https://usn.ubuntu.com/4438-1/ url
- https://www.oracle.com/security-alerts/cpuApr2021.html url
- https://www.oracle.com/security-alerts/cpuapr2022.html url
- https://www.oracle.com/security-alerts/cpujan2021.html url
- https://www.oracle.com/security-alerts/cpuoct2020.html url
- https://www.sqlite.org/src/info/10fa79d00f8091e5 url
…and 3 more