CVE-2019-19924 — Improper Handling of Exceptional Conditions in Sqlite

CWE-755 — Improper Handling of Exceptional Conditions CWE-391 — Unchecked Error Condition10 documents8 sources

Severity

5.3MEDIUMNVD

EPSS

6.3%

top 9.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ghost Sqlite3 Siemens Sinec Infrastructure Network Services Oracle Mysql Workbench +2 more

Timeline

PublishedDec 24

Latest updateMay 24

Description

SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages5 packages

▶Debianghost/sqlite3< 3.30.1+fossil191229-1+3

▶NVDsqlite/sqlite3.30.1

▶NVDsiemens/sinec_infrastructure_network_services< 1.0.1.1

▶NVDoracle/mysql_workbench8.0.19

▶NVDapache/bookkeeper4.12.1

Patches

Patch: cert-portal.siemens.com ↗Patch: github.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-mp99-gxqh-6752: SQLite 3↗2022-05-24

▶

OSV

CVE-2019-19924: SQLite 3↗2019-12-24

▶

CVEList

CVE-2019-19924: SQLite 3↗2019-12-24

▶

📋Vendor Advisories

Ubuntu

SQLite vulnerabilities↗2020-03-10

▶

Red Hat

sqlite: incorrect sqlite3WindowRewrite() error handling leads to mishandling certain parser-tree rewriting↗2020-01-08

▶

Debian

CVE-2019-19924: sqlite3 - SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbea...↗2019

▶

💬Community

Bugzilla

CVE-2019-19924 sqlite: incorrect sqlite3WindowRewrite() error handling leads to mishandling certain parser-tree rewriting [fedora-31]↗2020-01-10

▶

Bugzilla

CVE-2019-19924 sqlite: incorrect sqlite3WindowRewrite() error handling leads to mishandling certain parser-tree rewriting↗2020-01-08

▶

Bugzilla

CVE-2019-19924 sqlite: incorrect sqlite3WindowRewrite() error handling leads to mishandling certain parser-tree rewriting [fedora-30]↗2020-01-08

▶