CVE-2020-11656

Published: 03 Apr 2020
Source: redhat
CVSS3: 8.8
EPSS: Low

Description

In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.

Report

As per the upstream bug at https://www.sqlite.org/src/info/4722bdab08cb1 the flaw is in the error checking routine which is triggered only in debug builds. In release builds this is a no-op and therefore release builds are non-vulnerable. Red Hat packages are not vulnerable to this flaw (because we don't ship debug builds).

Affected packages

| Platform | Package | Status | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | sqlite | Not affected | | |
| Red Hat Enterprise Linux 6 | sqlite | Not affected | | |
| Red Hat Enterprise Linux 7 | sqlite | Not affected | | |
| Red Hat Enterprise Linux 8 | sqlite | Not affected | | |
| Red Hat Openshift Data Foundation 4.19 | registry.redhat.io/odf4/cephcsi-rhel9 | Fixed | RHSA-2025:16504 | 23.09.2025 |
| Red Hat Openshift Data Foundation 4.19 | registry.redhat.io/odf4/cephcsi-rhel9-operator | Fixed | RHSA-2025:16504 | 23.09.2025 |
| Red Hat Openshift Data Foundation 4.19 | registry.redhat.io/odf4/mcg-core-rhel9 | Fixed | RHSA-2025:16504 | 23.09.2025 |
| Red Hat Openshift Data Foundation 4.19 | registry.redhat.io/odf4/mcg-rhel9-operator | Fixed | RHSA-2025:16504 | 23.09.2025 |
| Red Hat Openshift Data Foundation 4.19 | registry.redhat.io/odf4/ocs-client-console-rhel9 | Fixed | RHSA-2025:16504 | 23.09.2025 |
| Red Hat Openshift Data Foundation 4.19 | registry.redhat.io/odf4/ocs-client-rhel9-operator | Fixed | RHSA-2025:16504 | 23.09.2025 |

Additional information

Status: Moderate
Defect: CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=1824185 sqlite: use-after-free in the ALTER TABLE implementation

EPSS

Percentile: 92%
0.0847
Low

CVSS3: 8.8 High

Related vulnerabilities

CVSS3: 9.8
ubuntu
almost 6 years ago

In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.

CVSS3: 9.8
nvd
almost 6 years ago

In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.

CVSS3: 9.8
msrc
more than 1 year ago

No description available

CVSS3: 9.8
debian
almost 6 years ago

In SQLite through 3.31.1, the ALTER TABLE implementation has a use-aft ...

CVSS3: 9.8
github
more than 3 years ago

In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
