Bug 1824185 (CVE-2020-11656) - CVE-2020-11656 sqlite: use-after-free in the ALTER TABLE implementation
Summary: CVE-2020-11656 sqlite: use-after-free in the ALTER TABLE implementation
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2020-11656
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1824186 1824187 1824188 1824189 1840138
Blocks: 1824191
TreeView+ depends on / blocked
 
Reported: 2020-04-15 14:00 UTC by Guilherme de Almeida Suckevicz
Modified: 2021-02-16 20:15 UTC (History)
17 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-04-17 05:16:29 UTC


Attachments (Terms of Use)

Description Guilherme de Almeida Suckevicz 2020-04-15 14:00:24 UTC
In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.

Reference and upstream commit:
https://www.sqlite.org/src/info/d09f8c3621d5f7f8
https://www3.sqlite.org/cgi/src/info/b64674919f673602

Comment 1 Guilherme de Almeida Suckevicz 2020-04-15 14:01:01 UTC
Created mingw-sqlite tracking bugs for this issue:

Affects: fedora-all [bug 1824187]


Created sqlite2 tracking bugs for this issue:

Affects: epel-all [bug 1824186]
Affects: fedora-all [bug 1824188]


Created sqlite3 tracking bugs for this issue:

Affects: fedora-all [bug 1824189]

Comment 2 Huzaifa S. Sidhpurwala 2020-04-17 05:15:14 UTC
Statement:

As per the upstream bug at https://www.sqlite.org/src/info/4722bdab08cb1 the flaw is in the error checking routine which is triggered only in debug builds. In release builds this is a no-op and therefore release builds are non-vulnerable. Red Hat packages are not vulnerable to this flaw (because we dont ship debug builds)

Comment 3 Guilherme de Almeida Suckevicz 2020-05-26 13:00:11 UTC
Created sqlite tracking bugs for this issue:

Affects: fedora-all [bug 1840138]


Note You need to log in before you can comment on or make changes to this bug.