In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.
Buffer Overflow
Memory Corruption
Sqlite
Ubuntu Linux
Icloud
+13
NVD
CVSS 3.1
5.5
EPSS
1.0%