Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
Low
Attack Vector
Local
0

CVE-2020-15358

Disclosure Date: June 27, 2020
CVE-2020-15358 CVSS v3 Base Score: 5.5
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
5.5 Medium
Impact Score:
3.6
Exploitability Score:
1.8
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
Low
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
None
Integrity (I):
None
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • apple,
  • canonical,
  • oracle,
  • siemens,
  • sqlite

Products

  • communications cloud native core policy 1.14.0,
  • communications messaging server 8.1,
  • communications network charging and control 12.0.2,
  • communications network charging and control 6.0.1,
  • enterprise manager ops center 12.4.0.0,
  • hyperion infrastructure technology 11.1.2.4,
  • icloud,
  • ipados,
  • iphone os,
  • macos,
  • mysql,
  • outside in technology 8.5.4,
  • outside in technology 8.5.5,
  • sinec infrastructure network services,
  • sqlite,
  • tvos,
  • ubuntu linux 20.04,
  • watchos

References

Canonical
CVE-2020-15358 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15358)
Advisory
https://security.netapp.com/advisory/ntap-20200709-0001
GLSA-202007-26 (https://security.gentoo.org/glsa/202007-26)
USN-4438-1 (https://usn.ubuntu.com/4438-1)
https://security.netapp.com/advisory/ntap-20200709-0001/
USN-4438-1 (https://usn.ubuntu.com/4438-1/)
https://support.apple.com/kb/HT211931
https://support.apple.com/kb/HT211843
https://support.apple.com/kb/HT211850
https://support.apple.com/kb/HT211844
https://support.apple.com/kb/HT211847
20201115 APPLE-SA-2020-11-13-4 Additional information for APPLE-SA-2020-09-16-2 tvOS 14.0 (http://seclists.org/fulldisclosure/2020/Nov/19)
20201115 APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0 (http://seclists.org/fulldisclosure/2020/Nov/20)
20201115 APPLE-SA-2020-11-13-6 Additional information for APPLE-SA-2020-09-16-4 watchOS 7.0 (http://seclists.org/fulldisclosure/2020/Nov/22)
20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1 (http://seclists.org/fulldisclosure/2020/Dec/32)
https://support.apple.com/kb/HT212147
20210201 APPLE-SA-2021-02-01-1 macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave (http://seclists.org/fulldisclosure/2021/Feb/14)
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
Miscellaneous
https://www.sqlite.org/src/tktview?name=8f157e8010
https://www.sqlite.org/src/timeline?p=version-3.32.3&bt=version-3.32.2
https://www.sqlite.org/src/info/10fa79d00f8091e5
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis