PT-2019-4842 · Sqlite+4

Published: 2019-11-15 · Updated: 2022-04-15

CVE-2019-19244

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

SQLite version 3.30.1

Description

The issue is related to an error in the sqlite3Select function of the SQLite database management system, which occurs when the DISTINCT operator is used. This can be exploited by a remote attacker to cause a denial of service. Specifically, the problem arises when a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.

Recommendations

For SQLite version 3.30.1, consider applying a patch or fix that addresses the issue in the sqlite3Select function to prevent potential denial of service attacks. As a temporary workaround, avoid using the DISTINCT operator in sub-selects that also utilize window functions and specific ORDER BY clauses until a patch is available.

Fix

RCE

Weakness Enumeration

Related Identifiers

ALT-PU-2020-1088
ALT-PU-2020-2094
ALT-PU-2020-2183
BDU:2020-01426
CVE-2019-19244
MGASA-2020-0070
OPENSUSE-SU-2021:1058-1
OPENSUSE-SU-2021:2320-1
OPENSUSE-SU-2021_1058-1
OPENSUSE-SU-2021_2320-1
SUSE-SU-2021:2320-1
SUSE-SU-2021:3215-1
USN-4205-1

Affected Products

Alt Linux
Astra Linux
Sqlite
Suse
Ubuntu