CVE-2019-19924 : SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbea

SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.

Published 2019-12-24 16:15:11

Updated 2022-04-15 16:18:37

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2019-19924

Apache » Bookkeeper » Version: 4.12.1
cpe:2.3:a:apache:bookkeeper:4.12.1:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql Workbench
Versions up to, including, (<=) 8.0.19
cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*
Matching versions
Siemens » Sinec Infrastructure Network Services
Versions before (<) 1.0.1.1
cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*
Matching versions
Netapp » Cloud Backup » Version: N/A
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
Matching versions
Sqlite » Sqlite » Version: 3.30.1
cpe:2.3:a:sqlite:sqlite:3.30.1:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2019-19924

EPSS FAQ

10.86%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 93 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-19924

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:P/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	3.9	1.4	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: Low Availability: None

CWE ids for CVE-2019-19924

CWE-755 Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2019-19924

https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E

Mailing List;Third Party Advisory

CVEs referencing this url
https://www.oracle.com/security-alerts/cpuapr2020.html

Oracle Critical Patch Update Advisory - April 2020
Patch;Third Party Advisory

CVEs referencing this url
https://usn.ubuntu.com/4298-1/

USN-4298-1: SQLite vulnerabilities | Ubuntu security notices
Broken Link

CVEs referencing this url
https://github.com/sqlite/sqlite/commit/8654186b0236d556aa85528c2573ee0b6ab71be3

When an error occurs while rewriting the parser tree for window funct… · sqlite/sqlite@8654186 · GitHub
Patch;Third Party Advisory
https://security.netapp.com/advisory/ntap-20200114-0003/

January 2020 SQLite Vulnerabilities in NetApp Products | NetApp Product Security
Third Party Advisory

CVEs referencing this url
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

Patch;Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E

[GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8 - Pony Mail
Mailing List;Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2019-19924

Products affected by CVE-2019-19924

Exploit prediction scoring system (EPSS) score for CVE-2019-19924

CVSS scores for CVE-2019-19924

CWE ids for CVE-2019-19924

References for CVE-2019-19924