CVE-2019-19925

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2019-19925
zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html Mailing List Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0514 Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf Patch Third Party Advisory
https://github.com/sqlite/sqlite/commit/54d501092d88c0cf89bec4279951f548fb0b8618 Patch Third Party Advisory
https://security.netapp.com/advisory/ntap-20200114-0003/ Third Party Advisory
https://usn.ubuntu.com/4298-1/ Broken Link
https://www.debian.org/security/2020/dsa-4638 Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2020.html Patch Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:sqlite:sqlite:3.30.1:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:a:suse:package_hub:-:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*

Configuration 7 (hide)

OR cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Configuration 8 (hide)

cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
History

15 Apr 2022, 16:19

Type Values Removed Values Added
First Time Opensuse backports Sle
Debian debian Linux
Siemens
Redhat enterprise Linux Desktop
Redhat enterprise Linux Server
Oracle
Oracle mysql Workbench
Suse linux Enterprise
Netapp
Netapp cloud Backup
Siemens sinec Infrastructure Network Services
Suse
Debian
Suse package Hub
Opensuse leap
Redhat enterprise Linux Workstation
Opensuse
Redhat
CPE cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*
cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:a:suse:package_hub:-:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
References (CONFIRM) https://security.netapp.com/advisory/ntap-20200114-0003/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20200114-0003/ - Third Party Advisory
References (UBUNTU) https://usn.ubuntu.com/4298-1/ - (UBUNTU) https://usn.ubuntu.com/4298-1/ - Broken Link
References (REDHAT) https://access.redhat.com/errata/RHSA-2020:0514 - (REDHAT) https://access.redhat.com/errata/RHSA-2020:0514 - Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html - Mailing List, Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html - Mailing List, Third Party Advisory
References (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf - (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf - Patch, Third Party Advisory
References (DEBIAN) https://www.debian.org/security/2020/dsa-4638 - (DEBIAN) https://www.debian.org/security/2020/dsa-4638 - Third Party Advisory
References (N/A) https://www.oracle.com/security-alerts/cpuapr2020.html - (N/A) https://www.oracle.com/security-alerts/cpuapr2020.html - Patch, Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html - Mailing List, Third Party Advisory

10 Mar 2022, 17:41

Type Values Removed Values Added
References
  • (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf -
Information

Published : 2019-12-24 17:15

Updated : 2023-12-10 13:13

NVD link : CVE-2019-19925

Mitre link : CVE-2019-19925

CVE.ORG link : CVE-2019-19925

JSON object : View

Products Affected

suse

  • linux_enterprise
  • package_hub

redhat

  • enterprise_linux_workstation
  • enterprise_linux_server
  • enterprise_linux_desktop

opensuse

  • leap
  • backports_sle

netapp

  • cloud_backup

siemens

  • sinec_infrastructure_network_services

oracle

  • mysql_workbench

sqlite

  • sqlite

debian

  • debian_linux
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type