CVE-2019-19317 — Incorrect Conversion between Numeric Types in Sqlite

CWE-681 — Incorrect Conversion between Numeric Types CWE-20 — Improper Input Validation10 documents7 sources

Severity

9.8CRITICALNVD

EPSS

1.0%

top 23.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Sinec Infrastructure Network Services Oracle Mysql Workbench Sqlite

Timeline

PublishedDec 5

Latest updateMay 24

Description

lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶NVDsiemens/sinec_infrastructure_network_services< 1.0.1.1

▶NVDsqlite/sqlite3.30.1

▶NVDoracle/mysql_workbench8.0.19

Patches

Patch: github.com ↗Patch: github.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-6283-q875-5qpp: lookupName in resolve↗2022-05-24

▶

CVEList

CVE-2019-19317: lookupName in resolve↗2019-12-05

▶

📋Vendor Advisories

Microsoft

▶

Red Hat

sqlite: omits bits from the colUsed bitmask in the case of a generated column↗2019-12-05

▶

Debian

CVE-2019-19317: sqlite3 - lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in ...↗2019

▶

💬Community

Bugzilla

CVE-2019-19317 mingw-sqlite: sqlite: omits bits from the colUsed bitmask in the case of a generated column [fedora-all]↗2019-12-16

▶

Bugzilla

CVE-2019-19317 mingw-sqlite: sqlite: omits bits from the colUsed bitmask in the case of a generated column [epel-7]↗2019-12-16

▶

Bugzilla

CVE-2019-19317 sqlite: omits bits from the colUsed bitmask in the case of a generated column↗2019-12-16

▶

Bugzilla

CVE-2019-19317 sqlite: omits bits from the colUsed bitmask in the case of a generated column [fedora-all]↗2019-12-16

▶