CVE-2020-15358: Buffer Overflow
First published: Sat Jun 27 2020(Updated: )
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
Credit: CVE-2020-15358 cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/sqlite | <3.32.3 | 3.32.3 |
| IBM Security Verify Access | <=10.0.0 | |
| ubuntu/sqlite3 | <3.31.1-4ubuntu0.2 | 3.31.1-4ubuntu0.2 |
| debian/sqlite3 | 3.34.1-3 3.40.1-2 3.46.0-1 | |
| Apple macOS | <11.0.1 | 11.0.1 |
| tvOS | <14.0 | 14.0 |
| Android | ||
| Apple macOS | <11.2 | 11.2 |
| macOS Catalina | ||
| macOS Mojave | ||
| SQLite | <3.32.3 | |
| Ubuntu Linux | =20.04 | |
| Apple iCloud for Windows | <7.21 | |
| Apple iOS, iPadOS, and watchOS | <14.0 | |
| iOS | <14.0 | |
| Apple iOS and macOS | <11.0.1 | |
| tvOS | <14.0 | |
| Apple iOS, iPadOS, and watchOS | <7.0 | |
| oracle communications Cloud native core policy | =1.14.0 | |
| Sun iPlanet Messaging Server | =8.1 | |
| oracle communications network charging and control | =6.0.1 | |
| oracle communications network charging and control | =12.0.2 | |
| Oracle Enterprise Manager Ops Center | =12.4.0.0 | |
| oracle hyperion infrastructure technology | =11.1.2.4 | |
| MySQL | <=8.0.22 | |
| Oracle Outside In Technology | =8.5.4 | |
| Oracle Outside In Technology | =8.5.5 | |
| siemens sinec infrastructure network services | <1.0.1.1 | |
| Apple iOS, iPadOS, and watchOS | <14.0 | 14.0 |
| Apple iOS, iPadOS, and watchOS | <14.0 | 14.0 |
| Apple iOS, iPadOS, and watchOS | <7.0 | 7.0 |
| Apple iCloud | <7.21 | 7.21 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT211847 (Advisory)
- https://www.sqlite.org/src/info/10fa79d00f8091e5
- https://www.sqlite.org/src/timeline?p=version-3.32.3&bt=version-3.32.2
- https://www.sqlite.org/src/tktview?name=8f157e8010
- https://security.netapp.com/advisory/ntap-20200709-0001/
- https://security.gentoo.org/glsa/202007-26
- https://usn.ubuntu.com/4438-1/
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://support.apple.com/kb/HT211843
- https://support.apple.com/kb/HT211844
- https://support.apple.com/kb/HT211850
- https://support.apple.com/kb/HT211931
- https://support.apple.com/kb/HT211847
- http://seclists.org/fulldisclosure/2020/Nov/20
- http://seclists.org/fulldisclosure/2020/Nov/19
- http://seclists.org/fulldisclosure/2020/Nov/22
- http://seclists.org/fulldisclosure/2020/Dec/32
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://support.apple.com/kb/HT212147
- http://seclists.org/fulldisclosure/2021/Feb/14
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://launchpad.net/bugs/cve/CVE-2020-15358
- https://support.apple.com/en-us/HT211931 (Advisory)
- https://support.apple.com/en-us/HT212147 (Advisory)
- https://support.apple.com/en-us/HT211844 (Advisory)
- https://support.apple.com/en-us/HT211843 (Advisory)
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1851962
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1851963
- https://access.redhat.com/errata/RHSA-2021:1581
- https://access.redhat.com/security/cve/cve-2020-15358
- https://bugzilla.redhat.com/show_bug.cgi?id=1851957
- https://support.apple.com/en-us/HT211850 (Advisory)
- https://www.sqlite.org/src/timeline?p=version-3.32.3&bt=version-3.32.2
- https://android.googlesource.com/platform/external/sqlite/+/1935111b5e902f2ca305d1b2efae6fe46acfffe5
- https://source.android.com/docs/security/bulletin/2021-10-01 (Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/184103
- https://www.ibm.com/support/pages/node/6538418 (Advisory)
- https://security-tracker.debian.org/tracker/CVE-2020-15358
- https://ubuntu.com/security/notices/USN-4438-1
- https://www.cve.org/CVERecord?id=CVE-2020-15358
- https://nvd.nist.gov/vuln/detail/CVE-2020-15358
- https://ubuntu.com/security/CVE-2020-15358
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2020-27914
- CVE-2020-27915
- CVE-2020-27903
- CVE-2020-27910
- CVE-2020-27916
- CVE-2020-9943
- CVE-2020-9944
- CVE-2020-27906
- CVE-2020-27945
- CVE-2020-27908
- CVE-2020-27909
- CVE-2020-9960
- CVE-2020-10017
- CVE-2020-9949
- CVE-2020-9897
- CVE-2020-9883
- CVE-2020-10003
- CVE-2020-27922
- CVE-2020-9999
- CVE-2020-27937
- CVE-2020-9965
- CVE-2020-9966
- CVE-2020-27894
- CVE-2020-36615
- CVE-2021-1790
- CVE-2021-1775
- CVE-2020-29629
- CVE-2020-27942
- CVE-2020-9962
- CVE-2020-27952
- CVE-2020-9956
- CVE-2020-27931
- CVE-2020-27930
- CVE-2020-27927
- CVE-2020-29639
- CVE-2020-10002
- CVE-2020-9978
- CVE-2020-9955
- CVE-2020-27924
- CVE-2020-27912
- CVE-2020-27923
- CVE-2020-9876
- CVE-2020-10015
- CVE-2020-27897
- CVE-2020-27907
- CVE-2020-27919
- CVE-2020-9967
- CVE-2020-9975
- CVE-2020-27921
- CVE-2020-27904
- CVE-2019-14899
- CVE-2020-27950
- CVE-2020-9974
- CVE-2020-10016
- CVE-2020-27932
- CVE-2020-27917
- CVE-2020-27920
- CVE-2020-27911
- CVE-2020-9971
- CVE-2020-10014
- CVE-2020-10010
- CVE-2020-9941
- CVE-2020-9988
- CVE-2020-9989
- CVE-2020-10011
- CVE-2020-13524
- CVE-2020-10004
- CVE-2020-9996
- CVE-2020-27901
- CVE-2020-27900
- CVE-2019-20838
- CVE-2020-14155
- CVE-2020-10007
- CVE-2020-27896
- CVE-2020-9963
- CVE-2020-10012
- CVE-2020-10663
- CVE-2020-9945
- CVE-2020-9977
- CVE-2020-9942
- CVE-2020-9987
- CVE-2021-1803
- CVE-2020-9969
- CVE-2020-27893
- CVE-2021-1755
- CVE-2020-10005
- CVE-2020-9991
- CVE-2020-9849
- CVE-2020-15358
- CVE-2020-13631
- CVE-2020-13434
- CVE-2020-13435
- CVE-2020-13630
- CVE-2020-27899
- CVE-2020-10009
- CVE-2020-10008
- CVE-2020-27918
- CVE-2020-9947
- CVE-2020-9950
- CVE-2020-27898
- CVE-2020-27935
- CVE-2020-10006
- CVE-2020-9979
- CVE-2020-9954
- CVE-2020-36521
- CVE-2020-9961
- CVE-2020-9976
- CVE-2020-9981
- CVE-2020-9968
- CVE-2020-9951
- CVE-2020-9983
- CVE-2020-9952
- CVE-2020-10013
- CVE-2021-1761
- CVE-2021-1797
- CVE-2021-1760
- CVE-2021-1747
- CVE-2021-1776
- CVE-2021-1759
- CVE-2021-1772
- CVE-2021-1792
- CVE-2021-1787
- CVE-2021-1786
- CVE-2021-1802
- CVE-2021-1791
- CVE-2020-29608
- CVE-2021-1758
- CVE-2021-1783
- CVE-2021-1741
- CVE-2021-1743
- CVE-2021-1773
- CVE-2021-1778
- CVE-2021-1736
- CVE-2021-1785
- CVE-2021-1766
- CVE-2021-1818
- CVE-2021-1742
- CVE-2021-1746
- CVE-2021-1754
- CVE-2021-1774
- CVE-2021-1777
- CVE-2021-1793
- CVE-2021-1737
- CVE-2021-1738
- CVE-2021-1744
- CVE-2021-1779
- CVE-2021-1757
- CVE-2021-1764
- CVE-2021-1782
- CVE-2021-1750
- CVE-2020-29633
- CVE-2021-1781
- CVE-2021-1771
- CVE-2021-1762
- CVE-2020-29614
- CVE-2021-1763
- CVE-2021-1767
- CVE-2021-1745
- CVE-2021-1753
- CVE-2021-1768
- CVE-2021-1751
- CVE-2020-25709
- CVE-2020-27938
- CVE-2021-1769
- CVE-2021-1788
- CVE-2021-1765
- CVE-2021-1801
- CVE-2021-1789
- CVE-2021-1871
- CVE-2021-1870
- CVE-2021-1799
- CVE-2021-30869
- CVE-2020-9958
- CVE-2020-9773
- CVE-2020-9992
- CVE-2020-9964
- CVE-2020-13520
- CVE-2020-6147
- CVE-2020-9972
- CVE-2020-9973
- CVE-2020-9946
- CVE-2020-9993
- CVE-2020-9959
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2020-15358.
What is the title of this vulnerability?
The title of this vulnerability is 'SQLite. Multiple issues were addressed with improved checks.'
What was done to address the vulnerabilities?
The vulnerabilities were addressed by updating SQLite to version 3.32.3.
Which software products are affected by this vulnerability?
The affected software products include macOS Big Sur, watchOS, iOS, iPadOS, iCloud for Windows, and tvOS.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability on the Apple support website.
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/remedy
- agent/severity
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-15358
- agent/software-canonical-lookup
- agent/description
- agent/weakness
- collector/ibm-support
- source/IBM
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/usn-cve
- source/Ubuntu
- collector/security-tracker-debian
- source/Debian
- agent/references
- agent/event
- agent/trending
- agent/source
- collector/apple-support
- agent/software-canonical-lookup-request
- agent/author
- collector/android-source
- source/Android
- agent/softwarecombine
- agent/tags
- collector/nvd-cve
- source/NVD
- collector/nvd-index
- package-manager/redhat
- vendor/ibm
- canonical/ibm security verify access
- version/ibm security verify access/10.0.0
- package-manager/ubuntu
- package-manager/debian
- vendor/apple
- canonical/apple macos
- canonical/tvos
- vendor/google
- canonical/android
- canonical/macos catalina
- canonical/macos mojave
- vendor/sqlite
- canonical/sqlite
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/20.04
- canonical/apple icloud for windows
- canonical/apple ios, ipados, and watchos
- canonical/ios
- canonical/apple ios and macos
- vendor/oracle
- canonical/oracle communications cloud native core policy
- version/oracle communications cloud native core policy/1.14.0
- canonical/sun iplanet messaging server
- version/sun iplanet messaging server/8.1
- canonical/oracle communications network charging and control
- version/oracle communications network charging and control/6.0.1
- version/oracle communications network charging and control/12.0.2
- canonical/oracle enterprise manager ops center
- version/oracle enterprise manager ops center/12.4.0.0
- canonical/oracle hyperion infrastructure technology
- version/oracle hyperion infrastructure technology/11.1.2.4
- canonical/mysql
- version/mysql/8.0.22
- canonical/oracle outside in technology
- version/oracle outside in technology/8.5.4
- version/oracle outside in technology/8.5.5
- vendor/siemens
- canonical/siemens sinec infrastructure network services
- canonical/apple icloud