CVE-2019-19959
sqlite: mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames
Public Exploits: 0
Exploited in Wild: -
Descriptions
ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind.
It was discovered that SQLite incorrectly handled certain shadow tables. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that SQLite incorrectly handled certain corrupt records. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
Timeline
- 2019-12-24 CVE Reserved
- 2020-01-03 CVE Published
- 2024-08-05 CVE Updated
- 2025-04-02 EPSS Updated
CWE
- CWE-626: Null Byte Interaction Error (Poison Null Byte)
References (7)
URL | Tag |
---|---|
https://github.com/sqlite/sqlite/commit/1e490c4ca6b43a9cf8637d695907888349f69bec | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20200204-0001 | Third Party Advisory |
https://www.oracle.com/security-alerts/cpuapr2020.html | Third Party Advisory |

URL | Date |
---|---|
https://github.com/sqlite/sqlite/commit/d8f2d46cbc9925e034a68aaaf60aad788d9373c1 | 2020-11-09 |
https://usn.ubuntu.com/4298-1 | 2020-11-09 |
https://access.redhat.com/security/cve/CVE-2019-19959 | 2020-04-28 |
https://bugzilla.redhat.com/show_bug.cgi?id=1789595 | 2020-04-28 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Sqlite | Sqlite | 3.30.1 | - | Affected |
Canonical | Ubuntu Linux | 16.04 | lts | Affected |
Canonical | Ubuntu Linux | 18.04 | lts | Affected |
Canonical | Ubuntu Linux | 19.10 | - | Affected |