CPANSA-DBD-SQLite-2019-19880: DBD-SQLite vulnerability
| Publisher | giterlizzi | Document category | csaf_security_advisory |
|---|---|---|---|
| Initial release date | 2019-12-18T00:00:00 | Engine | CSAF Perl Toolkit 0.25 |
| Current release date | 2019-12-18T00:00:00 | Build Date | |
| Current version | 1 | Status | final |
| CVSS v3.1 Base Score | 7.5 | Severity | High |
| Original language | Language | en | |
| Also referred to | |||
Vulnerability Description
exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.
Vulnerabilities
CVE-2019-19880
Vulnerability DescriptionexprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.
| Weakness | CWE-476 : NULL Pointer Dereference |
|---|
Product status
Known affected
| Product | Score | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| DBD-SQLite equal 1.65_02 |
|
Fixed
- DBD-SQLite greater than or equal 1.65_03
giterlizzi
Namespace: https://github.com/giterlizzi/
gdt@cpan.org
References
- CPANSA-DBD-SQLite-2019-19880 JSON self
https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2019/cpansa-dbd-sqlite-2019-19880.json - https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54 external
https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54 - https://security.netapp.com/advisory/ntap-20200114-0001/ external
https://security.netapp.com/advisory/ntap-20200114-0001/ - http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html external
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html - http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html external
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html - https://access.redhat.com/errata/RHSA-2020:0514 external
https://access.redhat.com/errata/RHSA-2020:0514 - http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html external
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html - https://www.debian.org/security/2020/dsa-4638 external
https://www.debian.org/security/2020/dsa-4638 - https://usn.ubuntu.com/4298-1/ external
https://usn.ubuntu.com/4298-1/ - https://www.oracle.com/security-alerts/cpuapr2020.html external
https://www.oracle.com/security-alerts/cpuapr2020.html - https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf external
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf - CVE-2019-19880 (NVD) external
https://nvd.nist.gov/vuln/detail/CVE-2019-19880
Revision history
| Version | Date of the revision | Summary of the revision |
|---|---|---|
| 1 | Wed Dec 18 00:00:00 2019 | First release |
Sharing rules
TLP:WHITE
For the TLP version see: https://www.first.org/tlp/