CVE-2020-11656
published 2020-04-09CVE-2020-11656: In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
Affected
28 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | sqlite3 | < sqlite3 3.32.0-1 (bookworm) | sqlite3 3.32.0-1 (bookworm) |
| ghost | sqlite3 | >= 0 < 3.32.0-1 | 3.32.0-1 |
| ghost | sqlite3 | >= 0 < 3.32.0-1 | 3.32.0-1 |
| ghost | sqlite3 | >= 0 < 3.32.0-1 | 3.32.0-1 |
| ghost | sqlite3 | >= 0 < 3.32.0-1 | 3.32.0-1 |
| msrc | azl3_ceph_16.2.10-3_on_azure_linux_3.0 | — | — |
| msrc | azl3_ceph_18.2.1-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_heimdal_7.8.0-3_on_azure_linux_3.0 | — | — |
| msrc | azl3_libdb_5.3.28-9_on_azure_linux_3.0 | — | — |
| msrc | azl3_mozjs_102.15.1-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_nss_3.96.1-3_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| msrc | cbl2_ceph_16.2.10-7_on_cbl_mariner_2.0 | — | — |
| oracle | communications_messaging_server | — | — |
| oracle | communications_network_charging_and_control | — | — |
| oracle | communications_network_charging_and_control | — | — |
| oracle | communications_network_charging_and_control | 12.0.0 – 12.0.3 | — |
| oracle | enterprise_manager_ops_center | — | — |
| oracle | hyperion_infrastructure_technology | — | — |
| oracle | mysql | 8.0.0 – 8.0.22 | — |
| oracle | mysql_workbench | <= 8.0.22 | — |
| oracle | outside_in_technology | — | — |
| oracle | outside_in_technology | — | — |
| oracle | zfs_storage_appliance_kit | — | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv9.8CRITICAL