PT-2020-1264 · Sqlite+9 · Sqlite+9

Published

2020-06-15

Updated

2024-03-06

CVE-2020-15358

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions SQLite versions prior to 3.32.3

Description The issue is related to a heap overflow in SQLite due to the misuse of transitive properties for constant propagation, which can lead to local information disclosure. This is caused by a missing bounds check in the sqlite3Select function of select.c, allowing for an out-of-bounds write. The vulnerability can be exploited to gain unauthorized access to protected information.

Recommendations For versions prior to 3.32.3, update to version 3.32.3 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive data until the update can be applied.

Exploit

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALT-PU-2020-2221

ALT-PU-2020-2898

ALT-PU-2021-1338

ALT-PU-2021-2380

ALT-PU-2021-3668

ASB-A-192605364

BDU:2021-00715

BIT-SQLITE-2020-15358

CESA-2021_1581

CVE-2020-15358

MGASA-2021-0303

OPENSUSE-SU-2021:1058-1

OPENSUSE-SU-2021:2320-1

OPENSUSE-SU-2021_1058-1

OPENSUSE-SU-2021_2320-1

RHSA-2021:1581

RHSA-2021_1581

RLSA-2021:1581

SUSE-SU-2021:2320-1

SUSE-SU-2021:3215-1

USN-4438-1

Affected Products

Alt Linux

Astra Linux

Centos

Linuxmint

Apple Macos

Red Hat

Rocky Linux

Sqlite

Suse

Ubuntu

PT-2020-1264 · Sqlite+9 · Sqlite+9

CVE-2020-15358

Weakness Enumeration

Related Identifiers

Affected Products

References · 131