CVE-2020-11655

Published: 03 Apr 2020
Source: redhat
CVSS3: 7.5

Description

SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.

Report

It seems that this issue has existed since sqlite-3.25.0, when window functions (https://www.sqlite.org/windowfunctions.html) were added, but it led to a segmentation fault, which could result in denial of service, only after https://www3.sqlite.org/cgi/src/info/712e47714863a8ed was committed. This commit is part of the sqlite-3.30 release. Therefore, previous versions are not vulnerable to this flaw.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | sqlite | Not affected | | |
| Red Hat Enterprise Linux 6 | sqlite | Not affected | | |
| Red Hat Enterprise Linux 7 | sqlite | Not affected | | |
| Red Hat Enterprise Linux 8 | sqlite | Not affected | | |
| Red Hat Openshift Data Foundation 4.19 | registry.redhat.io/odf4/cephcsi-rhel9 | Fixed | RHSA-2025:16504 | 23.09.2025 |
| Red Hat Openshift Data Foundation 4.19 | registry.redhat.io/odf4/cephcsi-rhel9-operator | Fixed | RHSA-2025:16504 | 23.09.2025 |
| Red Hat Openshift Data Foundation 4.19 | registry.redhat.io/odf4/mcg-core-rhel9 | Fixed | RHSA-2025:16504 | 23.09.2025 |
| Red Hat Openshift Data Foundation 4.19 | registry.redhat.io/odf4/mcg-rhel9-operator | Fixed | RHSA-2025:16504 | 23.09.2025 |
| Red Hat Openshift Data Foundation 4.19 | registry.redhat.io/odf4/ocs-client-console-rhel9 | Fixed | RHSA-2025:16504 | 23.09.2025 |
| Red Hat Openshift Data Foundation 4.19 | registry.redhat.io/odf4/ocs-client-rhel9-operator | Fixed | RHSA-2025:16504 | 23.09.2025 |

Additional information

Status: Moderate
Defect: CWE-665
https://bugzilla.redhat.com/show_bug.cgi?id=1824174 sqlite: malformed window-function query leads to DoS

7.5 High

CVSS3

Related vulnerabilities

CVSS3: 7.5
ubuntu
almost 6 years ago

SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.

CVSS3: 7.5
nvd
almost 6 years ago

SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.

CVSS3: 7.5
msrc
more than 1 year ago

No description available

CVSS3: 7.5
debian
almost 6 years ago

SQLite through 3.31.1 allows attackers to cause a denial of service (s ...

CVSS3: 7.5
github
more than 3 years ago

SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
