CVE-2019-19926 – sqlite: error mishandling because of incomplete fix of CVE-2019-19880
https://notcve.org/view.php?id=CVE-2019-19926
multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880. La función multiSelect en el archivo select.c en SQLite versión 3.30.1, maneja inapropiadamente determinados errores durante el análisis, como es demostrado por los errores de las llamadas de sqlite3WindowRewrite(). NOTA: esta vulnerabilidad se presenta debido a una corrección incompleta para CVE-2019-19880. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html https://access.redhat.com/errata/RHSA-2020:0514 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089 https://security.netapp.com/advisory/ntap-20200114-0003 https://usn.ubuntu.com/4298-1 https • CWE-476: NULL Pointer Dereference •
CVE-2019-19880 – sqlite: invalid pointer dereference in exprListAppendList in window.c
https://notcve.org/view.php?id=CVE-2019-19880
exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled. La función exprListAppendList en el archivo window.c en SQLite versión 3.30.1, permite a atacantes desencadenar una desreferencia del puntero no válida porque los valores enteros constantes en las cláusulas ORDER BY de las definiciones de ventana son manejados inapropiadamente. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html https://access.redhat.com/errata/RHSA-2020:0514 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54 https://security.netapp.com/advisory/ntap-20200114-0001 https://usn.ubuntu.com/4298-1 https • CWE-476: NULL Pointer Dereference •
CVE-2019-19603 – sqlite: mishandling of certain SELECT statements with non-existent VIEW can lead to DoS
https://notcve.org/view.php?id=CVE-2019-19603
SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash. SQLite 3.30.1 maneja mal ciertas declaraciones SELECT con una VISTA inexistente, lo que lleva a un bloqueo de la aplicación. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://github.com/sqlite/sqlite/commit/527cbd4a104cb93bf3994b3dd3619a6299a78b13 https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E https://security.netapp.com/advisory/ntap-20191223-0001 https://usn.ubuntu.com/4394-1 https://www.oracle.com/security-alerts/cpuapr2020.html https://www.sqlite.org https://access.redhat.com/security/cve/CVE-2019-19603 https://bugzilla.redhat.com& • CWE-20: Improper Input Validation •
CVE-2019-19646
https://notcve.org/view.php?id=CVE-2019-19646
pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns. El archivo pragma.c en SQLite versiones hasta 3.30.1, maneja inapropiadamente NOT NULL en un comando PRAGMA de integrity_check en determinados casos de columnas generadas. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://github.com/sqlite/sqlite/commit/926f796e8feec15f3836aa0a060ed906f8ae04d3 https://github.com/sqlite/sqlite/commit/ebd70eedd5d6e6a890a670b5ee874a5eae86b4dd https://security.netapp.com/advisory/ntap-20191223-0001 https://www.oracle.com/security-alerts/cpuapr2020.html https://www.sqlite.org https://www.tenable.com/security/tns-2021-14 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVE-2019-19645
https://notcve.org/view.php?id=CVE-2019-19645
alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements. El archivo alter.c en SQLite versiones hasta 3.30.1, permite a atacantes activar una recursión infinita por medio de ciertos tipos de vistas autorreferenciales junto con declaraciones ALTER TABLE. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://github.com/sqlite/sqlite/commit/38096961c7cd109110ac21d3ed7dad7e0cb0ae06 https://security.netapp.com/advisory/ntap-20191223-0001 https://usn.ubuntu.com/4394-1 https://www.oracle.com/security-alerts/cpuapr2020.html https://www.tenable.com/security/tns-2021-14 • CWE-674: Uncontrolled Recursion •