CVE-2020-11656 — Use After Free in SQLite
Severity
9.8 CRITICAL (NVD)
EPSS
6.1%
top 9.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Apr 9
Latest update: May 24
Description
In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9
Affected Packages: 12 packages
Patches
Vulnerability Details (3)
Vendor Advisories (5)
Oracle: Oracle Communications Applications Risk Matrix: Data Access Pack (SQLite) — CVE-2020-11656 (2020-07-15)
Microsoft: In SQLite through 3.31.1 the ALTER TABLE implementation has a use-after-free as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement. (2020-04-14)
Debian: CVE-2020-11656: sqlite3 - In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, a... (2020)
Community (6)
Bugzilla: CVE-2020-11656 sqlite2: sqlite: use-after-free in the ALTER TABLE implementation [epel-all] (2020-04-15)
Bugzilla: CVE-2020-11656 sqlite3: sqlite: use-after-free in the ALTER TABLE implementation [fedora-all] (2020-04-15)
Bugzilla: CVE-2020-11656 sqlite2: sqlite: use-after-free in the ALTER TABLE implementation [fedora-all] (2020-04-15)
Bugzilla: CVE-2020-11656 mingw-sqlite: sqlite: use-after-free in the ALTER TABLE implementation [fedora-all] (2020-04-15)