CVE-2019-19924 - SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c.

CVE-2019-19924

Summary

SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.

References

Vulnerable Configurations

cpe:2.3:a:sqlite:sqlite:3.30.1:*:*:*:*:*:*:*
cpe:2.3:a:sqlite:sqlite:3.30.1:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.12.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.12.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:5.2.47:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:5.2.47:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:6.0.9:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:6.0.9:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:6.1.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:6.1.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:6.2.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:6.2.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:6.3.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:6.3.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:6.3.10:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:6.3.10:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.13:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.13:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.14:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.14:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.15:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.15:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.16:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.16:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.17:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.17:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.18:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.18:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.19:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.19:*:*:*:*:*:*:*
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 15-04-2022 - 16:18)
Impact:
Exploitability:

CWE

CWE-755

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:P/A:N

redhat via4

rpms

lemon-0:3.26.0-6.el8
lemon-debuginfo-0:3.26.0-6.el8
sqlite-0:3.26.0-6.el8
sqlite-analyzer-debuginfo-0:3.26.0-6.el8
sqlite-debuginfo-0:3.26.0-6.el8
sqlite-debugsource-0:3.26.0-6.el8
sqlite-devel-0:3.26.0-6.el8
sqlite-doc-0:3.26.0-6.el8
sqlite-libs-0:3.26.0-6.el8
sqlite-libs-debuginfo-0:3.26.0-6.el8
sqlite-tcl-debuginfo-0:3.26.0-6.el8

refmap via4

confirm	https://security.netapp.com/advisory/ntap-20200114-0003/
misc	https://github.com/sqlite/sqlite/commit/8654186b0236d556aa85528c2573ee0b6ab71be3 https://www.oracle.com/security-alerts/cpuapr2020.html
ubuntu	USN-4298-1

Last major update

15-04-2022 - 16:18

Published

24-12-2019 - 16:15

Last modified

15-04-2022 - 16:18