CVE-2019-19603 : SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, lead

SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.

Published 2019-12-09 19:15:15

Updated 2022-04-15 16:15:15

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2019-19603

Apache » Guacamole » Version: 1.3.0
cpe:2.3:a:apache:guacamole:1.3.0:-:*:*:*:*:*:*
Matching versions
Oracle » Mysql Workbench
Versions up to, including, (<=) 8.0.19
cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*
Matching versions
Siemens » Sinec Infrastructure Network Services
Versions before (<) 1.0.1.1
cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*
Matching versions
Siemens » Sinec Infrastructure Network Services » Version: 1.0.1.1
cpe:2.3:a:siemens:sinec_infrastructure_network_services:1.0.1.1:*:*:*:*:*:*:*
Matching versions
Netapp » Cloud Backup » Version: N/A
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
Matching versions
Netapp » Ontap Select Deploy Administration Utility » Version: N/A
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
Matching versions
Sqlite » Sqlite » Version: 3.30.1
cpe:2.3:a:sqlite:sqlite:3.30.1:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.48%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 64 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

https://www.oracle.com/security-alerts/cpuapr2020.html

Oracle Critical Patch Update Advisory - April 2020
Patch;Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E

[jira] [Created] (GUACAMOLE-1368) Latest docker image fails security scans. - Pony Mail
Mailing List;Third Party Advisory

CVEs referencing this url
https://usn.ubuntu.com/4394-1/

USN-4394-1: SQLite vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
https://github.com/sqlite/sqlite/commit/527cbd4a104cb93bf3994b3dd3619a6299a78b13

Do not allow CREATE TABLE or CREATE VIEW of an object with a name tha… · sqlite/sqlite@527cbd4 · GitHub
Patch;Third Party Advisory
https://www.sqlite.org/

SQLite Home Page
Vendor Advisory

CVEs referencing this url
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

Patch;Third Party Advisory

CVEs referencing this url
https://security.netapp.com/advisory/ntap-20191223-0001/

December 2019 SQLite Vulnerabilities in NetApp Products | NetApp Product Security
Third Party Advisory

CVEs referencing this url

Jump to