flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html | Mailing List Third Party Advisory |
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html | Mailing List Third Party Advisory |
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html | Mailing List Third Party Advisory |
https://access.redhat.com/errata/RHSA-2020:0514 | Third Party Advisory |
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf | Patch Third Party Advisory |
https://github.com/sqlite/sqlite/commit/396afe6f6aa90a31303c183e11b2b2d4b7956b35 | Patch |
https://security.netapp.com/advisory/ntap-20200114-0003/ | Third Party Advisory |
https://usn.ubuntu.com/4298-1/ | Broken Link |
https://www.debian.org/security/2020/dsa-4638 | Third Party Advisory |
https://www.oracle.com/security-alerts/cpuapr2020.html | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
|
Configuration 8 (hide)
|
History
15 Apr 2022, 16:18
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20200114-0003/ - Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4298-1/ - Broken Link | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2020:0514 - Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html - Mailing List, Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf - Patch, Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2020/dsa-4638 - Third Party Advisory | |
References | (N/A) https://www.oracle.com/security-alerts/cpuapr2020.html - Patch, Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html - Mailing List, Third Party Advisory | |
First Time |
Opensuse backports Sle
Debian debian Linux Siemens Redhat enterprise Linux Desktop Redhat enterprise Linux Server Oracle Oracle mysql Workbench Suse linux Enterprise Netapp Netapp cloud Backup Siemens sinec Infrastructure Network Services Suse Debian Suse package Hub Opensuse leap Redhat enterprise Linux Workstation Opensuse Redhat |
|
CPE | cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:* cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* cpe:2.3:a:suse:package_hub:-:*:*:*:*:*:*:* cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* |
10 Mar 2022, 17:41
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2019-12-24 16:15
Updated : 2023-12-10 13:13
NVD link : CVE-2019-19923
Mitre link : CVE-2019-19923
CVE.ORG link : CVE-2019-19923
JSON object : View
Products Affected
suse
- linux_enterprise
- package_hub
redhat
- enterprise_linux_workstation
- enterprise_linux_server
- enterprise_linux_desktop
opensuse
- leap
- backports_sle
netapp
- cloud_backup
siemens
- sinec_infrastructure_network_services
oracle
- mysql_workbench
sqlite
- sqlite
debian
- debian_linux
CWE
CWE-476
NULL Pointer Dereference