multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html | Mailing List Third Party Advisory |
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html | Mailing List Third Party Advisory |
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html | Mailing List Third Party Advisory |
https://access.redhat.com/errata/RHSA-2020:0514 | Third Party Advisory |
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf | Patch Third Party Advisory |
https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089 | Patch Third Party Advisory |
https://security.netapp.com/advisory/ntap-20200114-0003/ | Third Party Advisory |
https://usn.ubuntu.com/4298-1/ | Broken Link |
https://usn.ubuntu.com/4298-2/ | Broken Link |
https://www.debian.org/security/2020/dsa-4638 | Third Party Advisory |
https://www.oracle.com/security-alerts/cpuapr2020.html | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
|
History
15 Apr 2022, 16:17
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* cpe:2.3:a:suse:package_hub:-:*:*:*:*:*:*:* cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* |
|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20200114-0003/ - Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4298-1/ - Broken Link | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2020:0514 - Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html - Mailing List, Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html - Mailing List, Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4298-2/ - Broken Link | |
References | (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf - Patch, Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2020/dsa-4638 - Third Party Advisory | |
References | (N/A) https://www.oracle.com/security-alerts/cpuapr2020.html - Patch, Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html - Mailing List, Third Party Advisory | |
First Time |
Opensuse backports Sle
Debian debian Linux Siemens Redhat enterprise Linux Desktop Redhat enterprise Linux Server Oracle Oracle mysql Workbench Suse linux Enterprise Netapp Netapp cloud Backup Siemens sinec Infrastructure Network Services Suse Debian Suse package Hub Opensuse leap Redhat enterprise Linux Workstation Opensuse Redhat |
10 Mar 2022, 17:41
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2019-12-23 01:15
Updated : 2023-12-10 13:13
NVD link : CVE-2019-19926
Mitre link : CVE-2019-19926
CVE.ORG link : CVE-2019-19926
JSON object : View
Products Affected
opensuse
- leap
- backports_sle
redhat
- enterprise_linux_workstation
- enterprise_linux_desktop
- enterprise_linux_server
sqlite
- sqlite
suse
- package_hub
- linux_enterprise
debian
- debian_linux
siemens
- sinec_infrastructure_network_services
oracle
- mysql_workbench
netapp
- cloud_backup
CWE
CWE-476
NULL Pointer Dereference