TROYANOSYVIRUS
Back to CVEs

CVE-2019-19880

HIGH
7.5

Description

exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.

CVE Details

CVSS v3.1 Score7.5
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published12/18/2019
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0

Affected Products

debian:debian_linuxnetapp:cloud_backupopensuse:backports_sleopensuse:leaporacle:mysql_workbenchredhat:enterprise_linux_desktopredhat:enterprise_linux_serverredhat:enterprise_linux_workstationsiemens:sinec_infrastructure_network_servicessqlite:sqlitesuse:linux_enterprisesuse:package_hub

Weaknesses (CWE)

CWE-476

References

http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html(cve@mitre.org)
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html(cve@mitre.org)
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html(cve@mitre.org)
https://access.redhat.com/errata/RHSA-2020:0514(cve@mitre.org)
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf(cve@mitre.org)
https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54(cve@mitre.org)
https://security.netapp.com/advisory/ntap-20200114-0001/(cve@mitre.org)
https://usn.ubuntu.com/4298-1/(cve@mitre.org)
https://www.debian.org/security/2020/dsa-4638(cve@mitre.org)
https://www.oracle.com/security-alerts/cpuapr2020.html(cve@mitre.org)
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2020:0514(af854a3a-2127-422b-91ae-364da2661108)
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20200114-0001/(af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/4298-1/(af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2020/dsa-4638(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuapr2020.html(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.