PT-2019-4851 · Sqlite+6 · Sqlite+6

Published

2019-12-09

Updated

2022-04-15

CVE-2019-19924

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions SQLite versions 3.30.1

Description The issue is related to the incorrect handling of certain parser trees by the sqlite3WindowRewrite() function in the SQLite database management system. This can be exploited by a remote attacker to impact data integrity. The problem is caused by incorrect error handling in the sqlite3WindowRewrite() function, which is related to the expr.c, vdbeaux.c, and window.c components.

Recommendations For SQLite version 3.30.1, consider applying a patch or fix that corrects the error handling in the sqlite3WindowRewrite() function to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Handling of Exceptional Conditions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-755

Related Identifiers

ALT-PU-2020-1088

ALT-PU-2020-2094

ALT-PU-2020-2183

ALT-PU-2020-2898

BDU:2020-01435

CESA-2020_1810

CVE-2019-19924

OPENSUSE-SU-2021:1058-1

OPENSUSE-SU-2021:2320-1

OPENSUSE-SU-2021_1058-1

OPENSUSE-SU-2021_2320-1

RHSA-2020:1810

RHSA-2020_1810

SUSE-SU-2021:2320-1

SUSE-SU-2021:3215-1

USN-4298-1

Affected Products

Alt Linux

Astra Linux

Centos

Red Hat

Sqlite

Suse

Ubuntu

PT-2019-4851 · Sqlite+6 · Sqlite+6

CVE-2019-19924

Weakness Enumeration

Related Identifiers

Affected Products

References · 94