CVE-CVE-2020-11655 | HIGH Severity | CVEDatabase.com

Description

SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high
Weaknesses: CWE-665

Metadata

Primary Vendor: SQLITE
Published: 4/9/2020
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

sqlite : sqlitenetapp : ontap_select_deploy_administration_utilitydebian : debian_linuxdebian : debian_linuxcanonical : ubuntu_linuxcanonical : ubuntu_linuxcanonical : ubuntu_linuxcanonical : ubuntu_linuxoracle : communications_element_manageroracle : communications_network_charging_and_controloracle : communications_network_charging_and_controloracle : communications_network_charging_and_controloracle : communications_session_report_manageroracle : communications_session_route_manageroracle : enterprise_manager_ops_centeroracle : hyperion_infrastructure_technologyoracle : instantis_enterprisetrackoracle : instantis_enterprisetrackoracle : instantis_enterprisetrackoracle : mysqloracle : mysql_workbenchoracle : outside_in_technologyoracle : outside_in_technologyoracle : zfs_storage_appliance_kitoracle : communications_messaging_serversiemens : sinec_infrastructure_network_servicestenable : tenable.sc

AI-Powered Remediation

Generate remediation guidance or a C-suite brief for this vulnerability.

Executive Intelligence Brief

View on NIST NVD