PT-2019-4851 · Sqlite+6 · Sqlite+6

Publicado

2019-12-09

·

Atualizado

2022-04-15

·

CVE-2019-19924

CVSS v3.1

5.3

Média

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions SQLite versions 3.30.1
Description The issue is related to the incorrect handling of certain parser trees by the sqlite3WindowRewrite() function in the SQLite database management system. This can be exploited by a remote attacker to impact data integrity. The problem is caused by incorrect error handling in the sqlite3WindowRewrite() function, which is related to the expr.c, vdbeaux.c, and window.c components.
Recommendations For SQLite version 3.30.1, consider applying a patch or fix that corrects the error handling in the sqlite3WindowRewrite() function to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Handling of Exceptional Conditions

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-755

Identificadores relacionados

ALT-PU-2020-1088
ALT-PU-2020-2094
ALT-PU-2020-2183
ALT-PU-2020-2898
BDU:2020-01435
CESA-2020_1810
CVE-2019-19924
OPENSUSE-SU-2021:1058-1
OPENSUSE-SU-2021:2320-1
OPENSUSE-SU-2021_1058-1
OPENSUSE-SU-2021_2320-1
RHSA-2020:1810
RHSA-2020_1810
SUSE-SU-2021:2320-1
SUSE-SU-2021:3215-1
USN-4298-1

Produtos afetados

Alt Linux
Astra Linux
Centos
Red Hat
Sqlite
Suse
Ubuntu