CVSS: 5.9EPSS: 0%CPEs: 9EXPL: 0CVE-2019-19242
https://notcve.org/view.php?id=CVE-2019-19242
SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c. SQLite versión 3.30.1, maneja inapropiadamente pExpr-)y.pTab, como es demostrado por el caso TK_COLUMN en la función sqlite3ExprCodeTarget en el archivo expr.c. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c https://usn.ubuntu.com/4205-1 https://www.oracle.com/security-alerts/cpuapr2020.html • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 27EXPL: 0CVE-2019-16168 – sqlite: Division by zero in whereLoopAddBtreeIndex in sqlite3.c
https://notcve.org/view.php?id=CVE-2019-16168
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner." En SQLite versiones hasta 3.29.0, la función whereLoopAddBtreeIndex en el archivo sqlite3.c puede bloquear un navegador u otra aplicación debido a la falta de comprobación de un campo sqlite_stat1 sz, también se conoce como "severe division by zero in the query planner.". • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00033.html https://kc.mcafee.com/corporate/index?page=content&id=SB10365 https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XZARJHJJDBHI7CE5PZEBXS5HKK6HXKW2 https://security.gentoo.org/glsa/202003-16 https://security.netapp.com/advisory/ntap-20190926-0003 https:/& • CWE-369: Divide By Zero •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0CVE-2019-8457 – sqlite: heap out-of-bound read in function rtreenode()
https://notcve.org/view.php?id=CVE-2019-8457
SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables. SQLite3 desde la versión 3.6.0 hasta la versión 3.27.2 incluida es vulnerable a la lectura de memoria dinámica fuera de límites de la función rtreenode () cuando se manejan tablas de rtree no válidas. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00074.html https://kc.mcafee.com/corporate/index?page=content&id=SB10365 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPKYSWCOM3CL66RI76TYVIG6TJ263RXH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SJPFGA45DI4F5MCF2OAACGH3HQOF4G3M https://security.netapp.com/advisory/ntap-20190606-0002 https://usn.ubuntu.com/4004-1 https://usn.ubuntu.com/4004-2 https://usn. • CWE-125: Out-of-bounds Read •
CVSS: 8.1EPSS: 7%CPEs: 6EXPL: 1CVE-2019-5018 – sqlite: Use-after-free in window function leading to remote code execution
https://notcve.org/view.php?id=CVE-2019-5018
An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this vulnerability. Existe una vulnerabilidad de uso de memoria previamente liberada en la función de ventana de Sqlite3 3.26.0. Un comando SQL especialmente diseñado puede causar un uso de memoria previamente liberada, resultando en la ejecución remota del código. • http://packetstormsecurity.com/files/152809/Sqlite3-Window-Function-Remote-Code-Execution.html http://www.securityfocus.com/bid/108294 https://security.gentoo.org/glsa/201908-09 https://security.netapp.com/advisory/ntap-20190521-0001 https://talosintelligence.com/vulnerability_reports/TALOS-2019-0777 https://usn.ubuntu.com/4205-1 https://access.redhat.com/security/cve/CVE-2019-5018 https://bugzilla.redhat.com/show_bug.cgi?id=1708301 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 0CVE-2019-9937
https://notcve.org/view.php?id=CVE-2019-9937
In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c. En SQLite 3.27.2, las lecturas y escrituras intercaladas en una única transacción con una tabla virtual fts5 conducirá a una desreferencia de puntero NULL en fts5ChunkIterate en sqlite3.c. Esto está relacionado con ext/fts5/fts5_hash.c y ext/fts5/fts5_index.c. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00026.html http://www.securityfocus.com/bid/107562 https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXD2GYJVTDGEQPUNMMMC5TB7MQXOBBMO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N66U5PY5UJU4XBFZJH7QNKIDNAVIB4OP https://security.gentoo.org/glsa/201908-09 https://security.netapp.com/advisory/ntap-20190416- • CWE-476: NULL Pointer Dereference •