CVE-2020-15358

Опубликовано: 27 июн. 2020

Источник: debian

EPSS Низкий

Описание

In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
sqlite3	fixed	3.32.3-1		package
sqlite3	fixed	3.27.2-3+deb10u1	buster	package
sqlite3	not-affected		stretch	package
sqlite3	not-affected		jessie	package
sqlite	not-affected			package

Примечания

https://www.sqlite.org/src/info/10fa79d00f8091e5
https://www.sqlite.org/src/tktview?name=8f157e8010

EPSS

Процентиль: 11%

0.00037

Низкий

Связанные уязвимости

CVE-2020-15358

CVSS3: 5.5

ubuntu

больше 5 лет назад

In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.

CVE-2020-15358

CVSS3: 5.5

redhat

больше 5 лет назад

In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.

CVE-2020-15358

CVSS3: 5.5

nvd

больше 5 лет назад

In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.

CVE-2020-15358

CVSS3: 5.5

msrc

почти 5 лет назад

Описание отсутствует

GHSA-rq2p-jfw7-2cj3

CVSS3: 5.5

github

больше 3 лет назад

In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.

EPSS

Процентиль: 11%

0.00037

Низкий