CVE-2020-13871: Other vulnerability on Sqlite Sqlite, Fedoraproject Fedora, Debian Debian Linux, Oracle Hyperion Infrastructure Technology, Oracle Enterprise Manager Ops Center, Oracle Communications Network Charging And Control, Oracle Zfs Storage Appliance Kit, Oracle Communications Messaging Server, Oracle Mysql Workbench, Siemens Sinec Infrastructure Network Services, Netapp Cloud Backup, Netapp Ontap Select Deploy Administration Utility

Vulnerability Details : CVE-2020-13871

CVE Name: CVE-2020-13871: Other vulnerability on Sqlite Sqlite, Fedoraproject Fedora, Debian Debian Linux, Oracle Hyperion Infrastructure Technology, Oracle Enterprise Manager Ops Center, Oracle Communications Network Charging And Control, Oracle Zfs Storage Appliance Kit, Oracle Communications Messaging Server, Oracle Mysql Workbench, Siemens Sinec Infrastructure Network Services, Netapp Cloud Backup, Netapp Ontap Select Deploy Administration Utility

Description: SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.

Publish date: 2020-06-06T16:15Z

Last Update: 2022-05-13T20:57Z

CVSS Scores & Vulnerability Types

CVSS Score	7.5
Confidentiality Impact	NONE
Integrity Impact	NONE
Availability Impact	HIGH
Actack Vector	NETWORK
Actack Complexity	LOW
Privileges Required	NONE
User Interaction	NONE
Scope	UNCHANGED
Vulnerability Type(s)	Other
CWE ID	416

Products Affected By CVE-2020-13871

#	Vendor	Product	Vulnerable Versions
1	Sqlite	Sqlite	1
2	Fedoraproject	Fedora	1
3	Debian	Debian Linux	1
4	Oracle	Hyperion Infrastructure Technology	1
5	Oracle	Enterprise Manager Ops Center	1
6	Oracle	Communications Network Charging And Control	2
7	Oracle	Zfs Storage Appliance Kit	1
8	Oracle	Communications Messaging Server	1
9	Oracle	Mysql Workbench	1
10	Siemens	Sinec Infrastructure Network Services	1
11	Netapp	Cloud Backup	1
12	Netapp	Ontap Select Deploy Administration Utility	1

Detail of Verions Affected

#	Product Type	Vendor	Product	Version
1	Application	Sqlite	Sqlite	3.32.2
2	Operating System	Fedoraproject	Fedora	33
3	Operating System	Debian	Debian Linux	9.0
4	Application	Oracle	Hyperion Infrastructure Technology	11.1.2.4
5	Application	Oracle	Enterprise Manager Ops Center	12.4.0.0
6	Application	Oracle	Communications Network Charging And Control	12.0.2
7	Application	Oracle	Communications Network Charging And Control	6.0.1
8	Application	Oracle	Zfs Storage Appliance Kit	8.8
9	Application	Oracle	Communications Messaging Server	8.1
10	Application	Oracle	Mysql Workbench	*
11	Application	Siemens	Sinec Infrastructure Network Services	*
12	Application	Netapp	Cloud Backup
13	Application	Netapp	Ontap Select Deploy Administration Utility

References For CVE-2020-13871

Hyperlink	Resource
https://www.sqlite.org/src/info/cd708fa84d2aaaea	Exploit, Vendor Advisory
https://www.sqlite.org/src/info/c8d3b9f0a750a529	Exploit, Vendor Advisory
https://www.sqlite.org/src/info/79eff1d0383179c4	Patch, Vendor Advisory
https://security.netapp.com/advisory/ntap-20200619-0002/	Third Party Advisory
https://security.gentoo.org/glsa/202007-26	Mitigation, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/BN32AGQPMHZRNM6P6L5GZPETOWTGXOKP/	Mailing List, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html	Mailing List, Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html	Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html	Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf	Patch, Third Party Advisory