CVE-2019-19242NULL Pointer Dereference in Sqlite

CWE-476NULL Pointer DereferenceCWE-89SQL Injection12 documents8 sources
Severity
5.9MEDIUMNVD
EPSS
0.2%
top 57.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Ghost Sqlite3Siemens Sinec Infrastructure Network ServicesOracle Mysql Workbench+3 more
Timeline
PublishedNov 27
Latest updateMay 24

Description

SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages4 packages

Debianghost/sqlite3< 3.30.1+fossil191229-1+3
NVDsqlite/sqlite3.30.1

Also affects: Ubuntu Linux 12.04, 16.04, 18.04, 19.04, 19.10, Enterprise Linux 8.0

Patches

Patch: cert-portal.siemens.comPatch: github.comPatch: www.oracle.com

🔴Vulnerability Details

4
GHSA
GHSA-565m-5c74-6h7v: SQLite 32022-05-24
OSV
sqlite3 vulnerabilities2019-12-02
OSV
CVE-2019-19242: SQLite 32019-11-27
CVEList
CVE-2019-19242: SQLite 32019-11-25

📋Vendor Advisories

3
Ubuntu
SQLite vulnerabilities2019-12-02
Red Hat
sqlite: SQL injection in sqlite3ExprCodeTarget in expr.c2019-11-27
Debian
CVE-2019-19242: sqlite3 - SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in...2019

💬Community

4
Bugzilla
CVE-2019-19242 mingw-sqlite: sqlite: SQL injection in sqlite3ExprCodeTarget in expr.c [epel-7]2019-12-02
Bugzilla
CVE-2019-19242 mingw-sqlite: sqlite: SQL injection in sqlite3ExprCodeTarget in expr.c [fedora-all]2019-12-02
Bugzilla
CVE-2019-19242 sqlite: SQL injection in sqlite3ExprCodeTarget in expr.c [fedora-all]2019-12-02
Bugzilla
CVE-2019-19242 sqlite: SQL injection in sqlite3ExprCodeTarget in expr.c2019-12-02
CVE-2019-19242 — NULL Pointer Dereference in Sqlite | cvebase