PT-2019-4866 · Sqlite+5 · Sqlite+5

Published

2019-12-22

·

Updated

2024-06-15

·

CVE-2019-19926

CVSS v2.0

7.8

High

VectorAV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions SQLite version 3.30.1
Description The issue is related to the multiSelect function in select.c and the sqlite3WindowRewrite() function, which can cause errors during parsing. Additionally, there is a problem with a null pointer dereference in the sqlite3WindowRewrite() function. This could potentially allow a remote attacker to cause a denial of service.
Recommendations For SQLite version 3.30.1, consider applying a patch or fix that addresses the incomplete fix for the previous issue and the null pointer dereference problem in the sqlite3WindowRewrite() function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALT-PU-2020-1088
ALT-PU-2020-1457
ALT-PU-2020-1521
ALT-PU-2020-1707
ALT-PU-2020-2094
ALT-PU-2020-2183
ALT-PU-2020-2441
ALT-PU-2020-2898
BDU:2020-01452
CVE-2019-19926
DSA-4638-1
MGASA-2020-0123
OPENSUSE-SU-2020:0189-1
OPENSUSE-SU-2020:0210-1
OPENSUSE-SU-2020:0233-1
OPENSUSE-SU-2020_0189-1
OPENSUSE-SU-2021:1058-1
OPENSUSE-SU-2021:2320-1
OPENSUSE-SU-2021_1058-1
OPENSUSE-SU-2021_2320-1
OPENSUSE-SU-2024:10681-1
OPENSUSE-SU-2024:12948-1
RHSA-2020:0514
RHSA-2020_0514
SUSE-SU-2021:2320-1
SUSE-SU-2021:3215-1
USN-4298-1
USN-4298-2

Affected Products

Alt Linux
Google Chrome
Red Hat
Sqlite
Suse
Ubuntu