CVE |
您所在的位置:网站首页 › 问道159357 15358 › CVE |
首页
>
安全漏洞
>
SQLite 缓冲区错误漏洞
SQLite 缓冲区错误漏洞
CNNVD-ID编号
CNNVD-202006-1768
CVE编号
CVE-2020-15358
发布时间
2020-06-27
更新时间
2021-01-21
漏洞类型
缓冲区错误
漏洞来源
N/A
危险等级
中危
威胁类型
本地
厂商
N/A
漏洞介绍
SQLite是美国D.Richard Hipp软件开发者的一套基于C语言的开源嵌入式关系数据库管理系统。该系统具有独立性、隔离性、跨平台等特点。 SQLite 3.32.3之前版本中的multiSelectOrderBy存在缓冲区错误漏洞。该漏洞源于网络系统或产品在内存上执行操作时,未正确验证数据边界,导致向关联的其他内存位置上执行了错误的读写操作。攻击者可利用该漏洞导致缓冲区溢出或堆溢出等。 漏洞补丁目前厂商已发布升级了SQLite 缓冲区错误漏洞的补丁,SQLite 缓冲区错误漏洞的补丁获取链接: https://www.sqlite.org/src/tktview?name=8f157e8010 参考网址来源:MISC 链接:https://www.sqlite.org/src/tktview?name=8f157e8010 来源:CONFIRM 链接:https://support.apple.com/kb/HT211931 来源:CONFIRM 链接:https://support.apple.com/kb/HT211843 来源:CONFIRM 链接:https://support.apple.com/kb/HT211844 来源:CONFIRM 链接:https://security.netapp.com/advisory/ntap-20200709-0001/ 来源:CONFIRM 链接:https://support.apple.com/kb/HT211847 来源:FULLDISC 链接:http://seclists.org/fulldisclosure/2020/Nov/22 来源:GENTOO 链接:https://security.gentoo.org/glsa/202007-26 来源:MISC 链接:https://www.oracle.com/security-alerts/cpujan2021.html 来源:FULLDISC 链接:http://seclists.org/fulldisclosure/2020/Nov/19 来源:FULLDISC 链接:http://seclists.org/fulldisclosure/2020/Dec/32 来源:MISC 链接:https://www.oracle.com/security-alerts/cpuoct2020.html 来源:FULLDISC 链接:http://seclists.org/fulldisclosure/2020/Nov/20 来源:CONFIRM 链接:https://support.apple.com/kb/HT211850 来源:MISC 链接:https://www.sqlite.org/src/info/10fa79d00f8091e5 来源:UBUNTU 链接:https://usn.ubuntu.com/4438-1/ 来源:MISC 链接:https://www.sqlite.org/src/timeline?p=version-3.32.3&bt=version-3.32.2 来源:packetstormsecurity.com 链接:https://packetstormsecurity.com/files/160545/Apple-Security-Advisory-2020-12-14-4.html 来源:packetstormsecurity.com 链接:https://packetstormsecurity.com/files/158623/Ubuntu-Security-Notice-USN-4438-1.html 来源:www.nsfocus.net 链接:http://www.nsfocus.net/vulndb/46984 来源:www.ibm.com 链接:https://www.ibm.com/blogs/psirt/security-bulletin-wml-ce-tensorflow-in-sqlite-before-3-32-3-select-c-mishandles-query-flattener-optimization/ 来源:packetstormsecurity.com 链接:https://packetstormsecurity.com/files/160061/Apple-Security-Advisory-2020-11-13-3.html 来源:www.auscert.org.au 链接:https://www.auscert.org.au/bulletins/ESB-2020.3181.2/ 来源:www.auscert.org.au 链接:https://www.auscert.org.au/bulletins/ESB-2020.2561/ 来源:nvd.nist.gov 链接:https://nvd.nist.gov/vuln/detail/CVE-2020-15358 来源:www.auscert.org.au 链接:https://www.auscert.org.au/bulletins/ESB-2020.4060.2/ 来源:vigilance.fr 链接:https://vigilance.fr/vulnerability/SQLite-buffer-overflow-via-Query-Flattener-Optimization-32637 来源:www.ibm.com 链接:https://www.ibm.com/blogs/psirt/security-bulletin-a-vulneraqbility-in-sqlite-affects-ibm-cloud-application-performance-managment-r-esponse-time-monitoring-agent-cve-2020-15358/ 受影响实体暂无 信息来源http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-202006-1768 |
CopyRight 2018-2019 办公设备维修网 版权所有 豫ICP备15022753号-3 |