CVE-2019-20218Improper Handling of Exceptional Conditions in Sqlite

CWE-755Improper Handling of Exceptional ConditionsCWE-391Unchecked Error Condition11 documents8 sources
Severity
7.5HIGHNVD
EPSS
0.4%
top 39.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Ghost Sqlite3Oracle Mysql WorkbenchCanonical Ubuntu Linux+2 more
Timeline
PublishedJan 2
Latest updateMay 24

Description

selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

Debianghost/sqlite3< 3.30.1+fossil191229-1+3
NVDsqlite/sqlite3.30.1

Also affects: Debian Linux 9.0, Ubuntu Linux 16.04, 18.04, 19.10

Patches

Patch: github.comPatch: www.oracle.comPatch: github.com

🔴Vulnerability Details

3
GHSA
GHSA-vrgp-3vgj-937c: selectExpander in select2022-05-24
CVEList
CVE-2019-20218: selectExpander in select2020-01-02
OSV
CVE-2019-20218: selectExpander in select2020-01-02

📋Vendor Advisories

3
Ubuntu
SQLite vulnerabilities2020-03-10
Red Hat
sqlite: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error2020-01-02
Debian
CVE-2019-20218: sqlite3 - selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding e...2019

💬Community

4
Bugzilla
CVE-2019-20218 mingw-sqlite: sqlite: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error [epel-7]2020-01-15
Bugzilla
CVE-2019-20218 sqlite: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error2020-01-15
Bugzilla
CVE-2019-20218 sqlite: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error [fedora-all]2020-01-15
Bugzilla
CVE-2019-20218 mingw-sqlite: sqlite: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error [fedora-all]2020-01-15
CVE-2019-20218 — Sqlite vulnerability | cvebase