← Back

CVE-2020-11655

nvd nist
Published: Apr 9, 2020Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.

Affected (27)

Show all products
Sqlite: Sqlite · Netapp: Ontap Select Deploy Administration Utility · Debian: Debian Linux · Canonical: Ubuntu Linux · Oracle: Communications Element Manager, Communications Messaging Server, Communications Network Charging And Control, Communications Session Report Manager, Communications Session Route Manager, Enterprise Manager Ops Center, Hyperion Infrastructure Technology, Instantis Enterprisetrack, Mysql, Mysql Workbench, Outside In Technology, Zfs Storage Appliance Kit · Siemens: Sinec Infrastructure Network Services · Tenable: Tenable.sc
Sqlite
1 product
Sqlite
Netapp
1 product
Ontap Select Deploy Administration Utility
Debian
1 product
Debian Linux
Canonical
1 product
Ubuntu Linux
Oracle
12 products
Communications Element Manager
Communications Messaging Server
Communications Network Charging And Control
Communications Session Report Manager
Communications Session Route Manager
Enterprise Manager Ops Center
Hyperion Infrastructure Technology
Instantis Enterprisetrack
Mysql
Mysql Workbench
Outside In Technology
Zfs Storage Appliance Kit
Siemens
1 product
Sinec Infrastructure Network Services
Tenable
1 product
Tenable.sc
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Sqlite
Up to 3.31.1
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Ontap Select Deploy Administration Utility
All versions
Configuration C
2 vulnerable
Vulnerable SoftwareAffected Versions
Debian
Debian Linux
Version 8.0
Debian Linux
Version 9.0
Configuration D
4 vulnerable
Vulnerable SoftwareAffected Versions
Canonical
Ubuntu Linux
Version 16.04
Ubuntu Linux
Version 18.04
Ubuntu Linux
Version 19.10
Ubuntu Linux
Version 20.04
Configuration E
17 vulnerable
Vulnerable SoftwareAffected Versions
Communications Element Manager
From 8.2.0 to 8.2.2
Communications Messaging Server
Version 8.1
Oracle
Communications Network Charging And Control
From 12.0.0 to 12.0.3
Communications Network Charging And Control
Version 12.0.2
Communications Network Charging And Control
Version 6.0.1
Communications Session Report Manager
From 8.2.0 to 8.2.2
Communications Session Route Manager
From 8.2.0 to 8.2.2
Enterprise Manager Ops Center
Version 12.4.0.0
Hyperion Infrastructure Technology
Version 11.1.2.4
Oracle
Instantis Enterprisetrack
Version 17.1
Instantis Enterprisetrack
Version 17.2
Instantis Enterprisetrack
Version 17.3
Mysql
From 8.0.0 to 8.0.22
Mysql Workbench
Up to 8.0.22
Oracle
Outside In Technology
Version 8.5.4
Outside In Technology
Version 8.5.5
Zfs Storage Appliance Kit
Version 8.8
Configuration F
1 vulnerable
Vulnerable SoftwareAffected Versions
Sinec Infrastructure Network Services
Before 1.0.1.1
Configuration G
1 vulnerable
Vulnerable SoftwareAffected Versions
Tenable.sc
Before 5.19.0

Related CWEs

CWE-665
Improper Initialization
The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

References (28)

Source: cve@mitre.org
PatchThird Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Release NotesThird Party Advisory
Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
ExploitVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitVendor Advisory

Timeline

No history available yet.