CVE-2019-19926: multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this…

high7.5CVSS 3.1

AVNACLPRNUINSUCNINAH

multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.

Affected

21 ranges

Vendor	Product	Version range	Fixed in
chromium	chromium	>= 0 < 80.0.3987.106-1	80.0.3987.106-1
chromium	chromium	>= 0 < 80.0.3987.106-1	80.0.3987.106-1
chromium	chromium	>= 0 < 80.0.3987.106-1	80.0.3987.106-1
chromium	chromium	>= 0 < 80.0.3987.106-1	80.0.3987.106-1
debian	chromium	< chromium 80.0.3987.106-1 (bookworm)	chromium 80.0.3987.106-1 (bookworm)
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	sqlite3	< chromium 80.0.3987.106-1 (bookworm)	chromium 80.0.3987.106-1 (bookworm)
ghost	sqlite3	>= 0 < 3.11.0-1ubuntu1.4	3.11.0-1ubuntu1.4
ghost	sqlite3	>= 0 < 3.22.0-1ubuntu0.3	3.22.0-1ubuntu0.3
ghost	sqlite3	>= 0 < 3.8.2-1ubuntu2.2+esm2	3.8.2-1ubuntu2.2+esm2
google	chrome_chrome	—	—
msrc	azl3_libdb_5.3.28-9_on_azure_linux_3.0	—	—
opensuse	backports_sle	—	—
opensuse	leap	—	—
oracle	mysql_workbench	<= 8.0.19	—
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_server	—	—
redhat	enterprise_linux_workstation	—	—
siemens	sinec_infrastructure_network_services	< 1.0.1.1	1.0.1.1
sqlite	sqlite	—	—

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

osv8.8HIGH