Heap Overflow in SQLite Due to Query Optimization Mismanagement
CVE-2020-15358

5.5MEDIUM

Key Information:

Vendor

Sqlite

Status
Sqlite
Vendor
CVE Published:
27 June 2020

What is CVE-2020-15358?

An issue in SQLite versions prior to 3.32.3 exposes applications to potential heap overflow vulnerabilities. A problem in the handling of query-flattener optimization in the select.c file can lead to a multiSelectOrderBy heap overflow due to improper use of transitive properties for constant propagation. This mismanagement creates an opportunity for attackers to exploit the overflow, potentially executing arbitrary code or compromising the integrity and availability of the database systems relying on SQLite.

References

https://www.sqlite.org/src/tktview?name=8f157e8010
x_refsource_MISC
https://www.sqlite.org/src/timeline?p=version-3.32.3&bt=v...
x_refsource_MISC
https://www.sqlite.org/src/info/10fa79d00f8091e5
x_refsource_MISC

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.