CVE-2020-15358
Summary
| CVE | CVE-2020-15358 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-06-27 12:15:00 UTC |
| Updated | 2022-05-12 15:01:00 UTC |
| Description | In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. |
Risk And Classification
Problem Types: CWE-787
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apple | Icloud | All | All | All | All |
| Operating System | Apple | Ipados | All | All | All | All |
| Operating System | Apple | Iphone Os | All | All | All | All |
| Operating System | Apple | Macos | All | All | All | All |
| Operating System | Apple | Mac Os | All | All | All | All |
| Operating System | Apple | Tvos | All | All | All | All |
| Operating System | Apple | Watchos | All | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 20.04 | All | All | All |
| Application | Oracle | Communications Cloud Native Core Policy | 1.14.0 | All | All | All |
| Application | Oracle | Communications Messaging Server | 8.1 | All | All | All |
| Application | Oracle | Communications Network Charging And Control | 12.0.2 | All | All | All |
| Application | Oracle | Communications Network Charging And Control | 6.0.1 | All | All | All |
| Application | Oracle | Enterprise Manager Ops Center | 12.4.0.0 | All | All | All |
| Application | Oracle | Hyperion Infrastructure Technology | 11.1.2.4 | All | All | All |
| Application | Oracle | Mysql | All | All | All | All |
| Application | Oracle | Outside In Technology | 8.5.4 | All | All | All |
| Application | Oracle | Outside In Technology | 8.5.5 | All | All | All |
| Application | Siemens | Sinec Infrastructure Network Services | All | All | All | All |
| Application | Sqlite | Sqlite | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| About the security content of iCloud for Windows 7.21 - Apple Support | CONFIRM | support.apple.com | Third Party Advisory |
| SQLite: Timeline | MISC | www.sqlite.org | Patch, Vendor Advisory |
| Oracle Critical Patch Update Advisory - April 2022 | MISC | www.oracle.com | |
| Full Disclosure: APPLE-SA-2020-11-13-6 Additional information for APPLE-SA-2020-09-16-4 watchOS 7.0 | FULLDISC | seclists.org | Mailing List, Third Party Advisory |
| Full Disclosure: APPLE-SA-2021-02-01-1 macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave | FULLDISC | seclists.org | Mailing List, Third Party Advisory |
| Full Disclosure: APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1 | FULLDISC | seclists.org | Mailing List, Third Party Advisory |
| About the security content of macOS Big Sur 11.0.1 - Apple Support | CONFIRM | support.apple.com | Third Party Advisory |
| About the security content of macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave - Apple Support | CONFIRM | support.apple.com | Third Party Advisory |
| Oracle Critical Patch Update Advisory - October 2020 | MISC | www.oracle.com | Third Party Advisory |
| SQLite: Multiple vulnerabilities (GLSA 202007-26) — Gentoo security | GENTOO | security.gentoo.org | Third Party Advisory |
| CVE-2020-15358 SQLite Vulnerability in NetApp Products \| NetApp Product Security | CONFIRM | security.netapp.com | Third Party Advisory |
| About the security content of tvOS 14.0 - Apple Support | CONFIRM | support.apple.com | Third Party Advisory |
| USN-4438-1: SQLite vulnerability \| Ubuntu security notices \| Ubuntu | UBUNTU | usn.ubuntu.com | Third Party Advisory |
| About the security content of watchOS 7.0 - Apple Support | CONFIRM | support.apple.com | Third Party Advisory |
| About the security content of iOS 14.0 and iPadOS 14.0 - Apple Support | CONFIRM | support.apple.com | Third Party Advisory |
| cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf | CONFIRM | cert-portal.siemens.com | |
| SQLite: View Ticket | MISC | www.sqlite.org | Exploit, Vendor Advisory |
| SQLite: Check-in [10fa79d0] | MISC | www.sqlite.org | Patch, Vendor Advisory |
| Full Disclosure: APPLE-SA-2020-11-13-4 Additional information for APPLE-SA-2020-09-16-2 tvOS 14.0 | FULLDISC | seclists.org | Mailing List, Third Party Advisory |
| Full Disclosure: APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0 | FULLDISC | seclists.org | Mailing List, Third Party Advisory |
| Oracle Critical Patch Update Advisory - April 2021 | MISC | www.oracle.com | |
| Oracle Critical Patch Update Advisory - January 2021 | MISC | www.oracle.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 159186 Oracle Enterprise Linux Security Update for sqlite (ELSA-2021-1581)
- 239338 Red Hat Update for sqlite (RHSA-2021:1581)
- 296071 Oracle Solaris 11.4 Support Repository Update (SRU) 27.82.1 Missing (CPUOCT2020)
- 377330 Alibaba Cloud Linux Security Update for mingw packages (ALINUX3-SA-2022:0121)
- 377341 Alibaba Cloud Linux Security Update for sqlite (ALINUX3-SA-2022:0111)
- 500655 Alpine Linux Security Update for sqlite
- 591406 Siemens SIMATIC S7-1500 CPU GNU/Linux subsystem Multiple Vulnerabilities (SSB-439005, ICSA-22-104-13)
- 610373 Google Android Devices October 2021 Security Patch Missing
- 610375 Google Android October 2021 Security Patch Missing for Samsung
- 610376 Google Android October 2021 Security Patch Missing for LGE
- 610381 Google Android November 2021 Security Patch Missing for Huawei EMUI
- 750831 SUSE Enterprise Linux Security Update for sqlite3 (SUSE-SU-2021:2320-1)
- 750834 OpenSUSE Security Update for sqlite3 (openSUSE-SU-2021:2320-1)
- 750856 OpenSUSE Security Update for sqlite3 (openSUSE-SU-2021:1058-1)
- 751168 SUSE Enterprise Linux Security Update for sqlite3 (SUSE-SU-2021:3215-1)
- 900182 CBL-Mariner Linux Security Update for mysql 8.0.22
- 903606 Common Base Linux Mariner (CBL-Mariner) Security Update for mysql (3878)
- 940008 AlmaLinux Security Update for sqlite (ALSA-2021:1581)
- 960754 Rocky Linux Security Update for sqlite (RLSA-2021:1581)