{"id":"BIT-sqlite-2020-15358","details":"In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.","aliases":["A-192605364","ASB-A-192605364","CVE-2020-15358"],"modified":"2025-04-03T14:40:37.652Z","published":"2024-03-06T11:07:23.204Z","database_specific":{"severity":"Medium","cpes":["cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*"]},"references":[{"type":"WEB","url":"http://seclists.org/fulldisclosure/2020/Dec/32"},{"type":"WEB","url":"http://seclists.org/fulldisclosure/2020/Nov/19"},{"type":"WEB","url":"http://seclists.org/fulldisclosure/2020/Nov/20"},{"type":"WEB","url":"http://seclists.org/fulldisclosure/2020/Nov/22"},{"type":"WEB","url":"http://seclists.org/fulldisclosure/2021/Feb/14"},{"type":"WEB","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"},{"type":"WEB","url":"https://security.gentoo.org/glsa/202007-26"},{"type":"WEB","url":"https://security.netapp.com/advisory/ntap-20200709-0001/"},{"type":"WEB","url":"https://support.apple.com/kb/HT211843"},{"type":"WEB","url":"https://support.apple.com/kb/HT211844"},{"type":"WEB","url":"https://support.apple.com/kb/HT211847"},{"type":"WEB","url":"https://support.apple.com/kb/HT211850"},{"type":"WEB","url":"https://support.apple.com/kb/HT211931"},{"type":"WEB","url":"https://support.apple.com/kb/HT212147"},{"type":"WEB","url":"https://usn.ubuntu.com/4438-1/"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"type":"WEB","url":"https://www.sqlite.org/src/info/10fa79d00f8091e5"},{"type":"WEB","url":"https://www.sqlite.org/src/timeline?p=version-3.32.3&bt=version-3.32.2"},{"type":"WEB","url":"https://www.sqlite.org/src/tktview?name=8f157e8010"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15358"}],"affected":[{"package":{"name":"sqlite","ecosystem":"Bitnami","purl":"pkg:bitnami/sqlite"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"3.32.3"}]}],"database_specific":{"source":"https://github.com/bitnami/vulndb/tree/main/data/sqlite/BIT-sqlite-2020-15358.json"},"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}],"schema_version":"1.7.3"}