ID CVE-2019-19880
Summary exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.
References
Vulnerable Configurations
  • cpe:2.3:a:sqlite:sqlite:3.30.1:*:*:*:*:*:*:*
    cpe:2.3:a:sqlite:sqlite:3.30.1:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:suse:package_hub:-:*:*:*:*:*:*:*
    cpe:2.3:a:suse:package_hub:-:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*
    cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
    cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_workbench:-:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_workbench:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_workbench:5.2.47:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_workbench:5.2.47:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_workbench:6.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_workbench:6.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_workbench:6.1.7:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_workbench:6.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_workbench:6.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_workbench:6.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_workbench:6.3.8:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_workbench:6.3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_workbench:6.3.10:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_workbench:6.3.10:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_workbench:8.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_workbench:8.0.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_workbench:8.0.13:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_workbench:8.0.13:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_workbench:8.0.14:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_workbench:8.0.14:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_workbench:8.0.15:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_workbench:8.0.15:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_workbench:8.0.16:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_workbench:8.0.16:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_workbench:8.0.17:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_workbench:8.0.17:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_workbench:8.0.18:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_workbench:8.0.18:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_workbench:8.0.19:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_workbench:8.0.19:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*
    cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 15-04-2022 - 16:16)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
rhsa
id RHSA-2020:0514
rpms
  • chromium-browser-0:80.0.3987.87-1.el6_10
  • chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10
refmap via4
confirm https://security.netapp.com/advisory/ntap-20200114-0001/
debian DSA-4638
misc
suse
  • openSUSE-SU-2020:0189
  • openSUSE-SU-2020:0210
  • openSUSE-SU-2020:0233
ubuntu USN-4298-1
Last major update 15-04-2022 - 16:16
Published 18-12-2019 - 06:15
Last modified 15-04-2022 - 16:16
Back to Top