CVE-2020-11656

CVE	CVE-2020-11656
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2020-04-09 03:15:00 UTC
Updated	2022-04-08 10:34:00 UTC
Description	In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.

Problem Types: CWE-416

Type	Vendor	Product	Version	Update	Edition	Language
Application	Netapp	Ontap Select Deploy Administration Utility	-	All	All	All
Application	Netapp	Ontap Select Deploy Administration Utility	-	All	All	All
Operating System	Oracle	Communications Messaging Server	8.1	All	All	All
Application	Oracle	Communications Network Charging And Control	12.0.2	All	All	All
Application	Oracle	Communications Network Charging And Control	6.0.1	All	All	All
Application	Oracle	Communications Network Charging And Control	6.0.1	All	All	All
Application	Oracle	Communications Network Charging And Control	All	All	All	All
Application	Oracle	Enterprise Manager Ops Center	12.4.0.0	All	All	All
Application	Oracle	Enterprise Manager Ops Center	12.4.0.0	All	All	All
Application	Oracle	Hyperion Infrastructure Technology	11.1.2.4	All	All	All
Application	Oracle	Mysql	All	All	All	All
Application	Oracle	Mysql Workbench	All	All	All	All
Application	Oracle	Outside In Technology	8.5.4	All	All	All
Application	Oracle	Outside In Technology	8.5.5	All	All	All
Application	Oracle	Outside In Technology	8.5.4	All	All	All
Application	Oracle	Outside In Technology	8.5.5	All	All	All
Application	Oracle	Zfs Storage Appliance Kit	8.8	All	All	All
Application	Oracle	Zfs Storage Appliance Kit	8.8	All	All	All
Application	Siemens	Sinec Infrastructure Network Services	All	All	All	All
Application	Sqlite	Sqlite	All	All	All	All
Application	Tenable	Tenable.sc	All	All	All	All

Reference	Source	Link	Tags
Oracle Critical Patch Update Advisory - July 2020	MISC	www.oracle.com	Third Party Advisory
April 2020 SQLite Vulnerabilities in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com	Third Party Advisory
FreeBSD-SA-20:22	FREEBSD	security.FreeBSD.org	Third Party Advisory
Oracle Critical Patch Update Advisory - October 2020	MISC	www.oracle.com	Third Party Advisory
SQLite: Multiple vulnerabilities (GLSA 202007-26) — Gentoo security	GENTOO	security.gentoo.org	Third Party Advisory
[R1] Tenable.sc 5.19.0 Fixes Multiple Third-party Vulnerabilities - Security Advisory \| Tenable®	CONFIRM	www.tenable.com
SQLite: Check-in [d09f8c36]	MISC	www.sqlite.org	Patch, Vendor Advisory
SQLite: Check-in [b64674919f]	MISC	www3.sqlite.org	Patch, Vendor Advisory
cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf	CONFIRM	cert-portal.siemens.com
Oracle Critical Patch Update Advisory - April 2021	MISC	www.oracle.com
Oracle Critical Patch Update Advisory - January 2021	MISC	www.oracle.com	Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

296074 Oracle Solaris 11.4 Support Repository Update (SRU) 22.69.4 Missing (CPUAPR2020)
591406 Siemens SIMATIC S7-1500 CPU GNU/Linux subsystem Multiple Vulnerabilities (SSB-439005, ICSA-22-104-13)
904834 Common Base Linux Mariner (CBL-Mariner) Security Update for nss (12397)
904879 Common Base Linux Mariner (CBL-Mariner) Security Update for heimdal (12348)
904886 Common Base Linux Mariner (CBL-Mariner) Security Update for libdb (12353)
904913 Common Base Linux Mariner (CBL-Mariner) Security Update for fluent-bit (12330)
904929 Common Base Linux Mariner (CBL-Mariner) Security Update for perl-DBD-SQLite (12409)
904958 Common Base Linux Mariner (CBL-Mariner) Security Update for mozjs60 (12365)
904986 Common Base Linux Mariner (CBL-Mariner) Security Update for libdb (12513)
905040 Common Base Linux Mariner (CBL-Mariner) Security Update for nss (12598)
905122 Common Base Linux Mariner (CBL-Mariner) Security Update for heimdal (12496)