PT-2019-4671 · Sqlite+8

Published: 2019-08-15 · Updated: 2026-02-18 · CVE-2019-16168

CVSS v2.0: 7.1 High

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

SQLite versions 3.29.0 and earlier

Description

The issue is related to a division by zero error in the query planner, specifically in the whereLoopAddBtreeIndex function. This error can cause a browser or other application to crash. The problem arises from missing validation of a sqlite_stat1 sz field.

Recommendations

For SQLite versions 3.29.0 and earlier, update to a version later than 3.29.0 to resolve the issue. As a temporary workaround, consider restricting the use of the whereLoopAddBtreeIndex function in sqlite3.c until a patch is available.

Fix

DoS

Divide By Zero

Weakness Enumeration

Related Identifiers

ALSA-2021:1968
ALT-PU-2019-2832
ALT-PU-2020-1220
ALT-PU-2020-1827
ALT-PU-2020-2898
AZL-38191
BDU:2020-00864
CESA-2020_4442
CESA-2021_1968
CVE-2019-16168
DLA-2340-1
MGASA-2020-0070
OPENSUSE-SU-2019:2298-1
OPENSUSE-SU-2019:2300-1
OPENSUSE-SU-2019_2298-1
OPENSUSE-SU-2019_2300-1
OPENSUSE-SU-2024:11400-1
RHSA-2020:4442
RHSA-2020_4442
RHSA-2021:1968
RHSA-2021_1968
SUSE-SU-2019:2533-1
SUSE-SU-2019:2536-1
SUSE-SU-2019_2533-1
SUSE-SU-2019_2536-1
SUSE-SU-2021:3215-1
USN-4205-1

Affected Products

Alt Linux
Almalinux
Centos
Java Platform
Red Hat
Rocky Linux
Sqlite
Suse
Ubuntu