CVE-2020-13871
HIGH
SQLite 3.32.2 - Use-After-Free in Window Function Parse Tree Rewrite
Title source: llm
Description
SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.
References (10)
Core References
Mitigation, Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/202007-26
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BN32AGQPMHZRNM6P6L5GZPETOWTGXOKP/
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html
Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpujan2021.html
Exploit, Vendor Advisory x_refsource_misc
https://www.sqlite.org/src/info/cd708fa84d2aaaea
Exploit, Vendor Advisory x_refsource_misc
https://www.sqlite.org/src/info/c8d3b9f0a750a529
Patch, Vendor Advisory x_refsource_misc
https://www.sqlite.org/src/info/79eff1d0383179c4
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20200619-0002/
Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuApr2021.html
Patch, Third Party Advisory x_refsource_confirm
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
Scores
CVSS v3
7.5
EPSS
0.0244
EPSS Percentile
85.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-416
Status
published
Products (13)
debian/debian_linux
9.0
fedoraproject/fedora
33
netapp/cloud_backup
netapp/ontap_select_deploy_administration_utility
oracle/communications_messaging_server
8.1
oracle/communications_network_charging_and_control
6.0.1
oracle/communications_network_charging_and_control
12.0.2
oracle/enterprise_manager_ops_center
12.4.0.0
oracle/hyperion_infrastructure_technology
11.1.2.4
oracle/mysql_workbench
< 8.0.22
... and 3 more
Published
Jun 06, 2020
Tracked Since
Feb 18, 2026