CVE-2019-19317, CVE-2019-19603, CVE-2019-19880 - Multiple vulnerabilities in SQLite 3.30.1. (BSA-2020-895).

Brocade Fabric OS

21600

20 March 2023

21 February 2020

CLOSED

MEDIUM

N/A

N/A

CVE-2019-19317, CVE-2019-19603, CVE-2019-19880

Summary

Security Advisory ID: BSA-2020-895

Component: SQLite

Revision: 2.0: Final

Multiple vulnerabilities in SQLite 3.30.1

CVE-2019-19317
lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.
Base Score: 9.8 CRITICAL - Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2019-19603
SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.
Base Score: 7.5 HIGH - Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2019-19880
exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.
Base Score: 7.5 HIGH - Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

No Brocade Fiber Channel Products from Broadcom are currently known to be affected by these vulnerabilities.

Revision History

| Version | Change | Date |
|---|---|---|
| 1.0 | Initial Publication | Feb 21, 2020 |
| 2.0 | Removed CVE-2019-19645 | Mar 20, 2023 |