CVE-2019-19242 - SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarg

CVE-2019-19242

Summary

SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.

References

Vulnerable Configurations

cpe:2.3:a:sqlite:sqlite:3.30.1:*:*:*:*:*:*:*
cpe:2.3:a:sqlite:sqlite:3.30.1:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:5.2.47:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:5.2.47:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:6.0.9:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:6.0.9:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:6.1.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:6.1.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:6.2.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:6.2.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:6.3.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:6.3.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:6.3.10:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:6.3.10:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.13:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.13:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.14:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.14:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.15:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.15:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.16:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.16:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.17:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.17:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.18:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.18:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.19:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.19:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 19-04-2022 - 15:36)
Impact:
Exploitability:

CWE

CWE-476

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:P

refmap via4

misc	https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c https://www.oracle.com/security-alerts/cpuapr2020.html
ubuntu	USN-4205-1

Last major update

19-04-2022 - 15:36

Published

27-11-2019 - 17:15

Last modified

19-04-2022 - 15:36