CVE-2020-11656: 
MySQL vulnerability analysis and mitigation

In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free vulnerability, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement. The vulnerability was discovered and disclosed in April 2020 (NVD).

The vulnerability exists in the ALTER TABLE implementation of SQLite where a pointer might be used after being freed when processing an ORDER BY clause that belongs to a compound SELECT statement within a view or trigger. This was identified as a use-after-free (CWE-416) vulnerability. The issue has a CVSS v3.1 base score of 9.8 (CRITICAL) with vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (NVD).

A successful exploitation of this vulnerability could lead to code execution, system crashes, or data corruption through the use-after-free condition. The vulnerability has high impacts on confidentiality, integrity and availability of the affected systems (NVD).

The vulnerability was fixed in SQLite versions after 3.31.1. The fix was implemented through a patch that addresses the use-after-free issue in the ALTER TABLE code (SQLite). Users should upgrade to a patched version of SQLite to mitigate this vulnerability.

Multiple organizations and vendors responded to this vulnerability by releasing security advisories and patches, including FreeBSD, Oracle, NetApp, and others. The vulnerability was considered serious enough to be included in multiple vendor security updates (FreeBSD, Oracle, NetApp).