CVE-2020-11655
Advisory lineage Upstream: 0 Downstream: 7
Modified
Published: 09 Apr 2020, 02:49
Last modified: 04 Aug 2024, 11:35
Vulnerability Summary
- Overall Risk (default): medium, 41/100
- CVSS Score: 7.5 HIGH, v3.1 (nvd)
- EPSS Score: 5.02% LOW, 5% probability +0.13%
- KEV: Not listed
- Ransomware: No reports
- Public exploits: 1 found
- Dark Web: Not detected
Timeline
- 09 Apr 2020, 02:49•Published•Vulnerability first disclosed
- 04 Aug 2024, 11:35•Last Modified•Vulnerability information updated
Description
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
CVSS Metrics
- v3.1•HIGH•Score: 7.5•CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- v2.0•MEDIUM•Score: 5•AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS Trends
Current EPSS score: 5.02% • Percentile: 90%
Techniques & Countermeasures
- CWE-665•Improper Initialization
The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.
Affected Systems
- canonical•ubuntu_linux
16.04 | 18.04 | 19.10 | 20.04
- debian•debian_linux
8.0 | 9.0
- netapp•ontap_select_deploy_administration_utility
na
- oracle•communications_element_manager
≥ 8.2.0, ≤ 8.2.2
- oracle•communications_messaging_server
8.1
- oracle•communications_network_charging_and_control
≥ 12.0.0, ≤ 12.0.3 | 6.0.1 | 12.0.2
- oracle•communications_session_report_manager
≥ 8.2.0, ≤ 8.2.2
- oracle•communications_session_route_manager
≥ 8.2.0, ≤ 8.2.2
- oracle•enterprise_manager_ops_center
12.4.0.0
- oracle•hyperion_infrastructure_technology
11.1.2.4
- oracle•instantis_enterprisetrack
17.1 | 17.2 | 17.3
- oracle•mysql
≥ 8.0.0, ≤ 8.0.22
- oracle•mysql_workbench
≤ 8.0.22
- oracle•outside_in_technology
8.5.4 | 8.5.5
- oracle•zfs_storage_appliance_kit
8.8
- siemens•sinec_infrastructure_network_services
< 1.0.1.1
- sqlite•sqlite
≤ 3.31.1
- tenable•tenable.sc
< 5.19.0
References (14)
- https://lists.debian.org/debian-lts-announce/2020/05/msg00006.html
- https://usn.ubuntu.com/4394-1/
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www3.sqlite.org/cgi/src/tktview?name=af4556bb5c
- https://www3.sqlite.org/cgi/src/info/4a302b42c7bf5e11
- https://security.netapp.com/advisory/ntap-20200416-0001/
- https://security.gentoo.org/glsa/202007-26
- https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc
- https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.tenable.com/security/tns-2021-14
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf