PT-2019-3580 · Sqlite+7 · Sqlite3+7

Lukas Braune · Published 2019-03-20 · Updated 2025-08-21 · CVE-2019-8457

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

SQLite3 versions 3.6.0 through 3.27.2

Description

The issue is a heap out-of-bounds read in the rtreenode() function when handling invalid rtree tables. This can potentially allow a remote attacker to cause a denial of service, execute arbitrary code, or disclose protected information.

Recommendations

For SQLite3 versions 3.6.0 through 3.27.2, consider updating to a version that includes a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Out-of-bounds Read

Related Identifiers

ALT-PU-2019-1971
ALT-PU-2019-2336
AZL-38326
BDU:2019-03785
CESA-2020_1810
CVE-2019-8457
MGASA-2019-0240
OPENSUSE-SU-2019_1645-1
RHSA-2020:1810
RHSA-2020_1810
SUSE-SU-2019:14083-1
SUSE-SU-2019:1522-1
SUSE-SU-2019:1601-1
SUSE-SU-2019_14083-1
SUSE-SU-2019_1601-1
SUSE-SU-2021:3215-1
USN-4004-1
USN-4004-2
USN-4019-1
USN-4019-2

Affected Products

Alt Linux
Astra Linux
CentOS
Debian
Red Hat
SQLite3
SUSE
Ubuntu