CVE-2019-19959 — Null Byte Interaction Error (Poison Null Byte) in SQLite
Severity
7.5 HIGH (NVD)
EPSS
0.5%
top 33.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jan 3
Latest update: May 24
Description
ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 3.9 | Impact: 3.6
Affected Packages: 2 packages
Also affects: Ubuntu Linux 16.04, 18.04, 19.10
Patches
Vulnerability Details (3)
Vendor Advisories (3)
Community (4)
Bugzilla: CVE-2019-19959 mingw-sqlite: sqlite: mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames [epel-7] (2020-01-09)
Bugzilla: CVE-2019-19959 mingw-sqlite: sqlite: mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames [fedora-all] (2020-01-09)
Bugzilla: CVE-2019-19959 sqlite: mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames (2020-01-09)
Bugzilla: CVE-2019-19959 sqlite: mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames [fedora-all] (2020-01-09)