CVE-2019-5827 — Integer Overflow or Wraparound in Google Chrome

CWE-190 — Integer Overflow or Wraparound CWE-787 — Out-of-bounds Write CWE-125 — Out-of-bounds Read12 documents8 sources

Severity

8.8HIGHNVD

EPSS

5.0%

top 10.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Chromium Ghost Sqlite3 +5 more

Timeline

PublishedJun 27

Latest updateMay 24

Description

Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages6 packages

▶CVEListV5google/chromeunspecified — 74.0.3729.131

▶NVDgoogle/chrome< 74.0.3729.131

▶Debianghost/sqlite3< 3.27.2-3+3

▶Debianchromium/chromium< 75.0.3770.80-1+3

▶NVDopensuse/leap15.0, 15.1, 42.3+2

Also affects: Debian Linux 10.0, 9.0, Fedora 29, 30, Ubuntu Linux 12.04, 16.04, 18.04, 19.04, 19.10

Patches

Patch: lists.opensuse.org ↗Patch: crbug.com ↗Patch: lists.opensuse.org ↗

🔴Vulnerability Details

GHSA

GHSA-r9jh-6r48-qhmq: Integer overflow in SQLite via WebSQL in Google Chrome prior to 74↗2022-05-24

▶

OSV

CVE-2019-5827: Integer overflow in SQLite via WebSQL in Google Chrome prior to 74↗2019-06-27

▶

CVEList

CVE-2019-5827: Integer overflow in SQLite via WebSQL in Google Chrome prior to 74↗2019-06-27

▶

📋Vendor Advisories

Ubuntu

SQLite vulnerabilities↗2019-12-02

▶

Red Hat

sqlite: out-of-bounds access due to the use of 32-bit memory allocator interfaces↗2019-04-30

▶

Debian

CVE-2019-5827: chromium - Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 al...↗2019

▶

💬Community

Bugzilla

CVE-2019-5827 mingw-sqlite: chromium-browser: out-of-bounds access in SQLite [fedora-all]↗2019-05-15

▶

Bugzilla

CVE-2019-5827 sqlite: chromium-browser: out-of-bounds access in SQLite [fedora-all]↗2019-05-15

▶

Bugzilla

CVE-2019-5827 sqlite: out-of-bounds access due to the use of 32-bit memory allocator interfaces↗2019-05-06

▶

Bugzilla

CVE-2019-5827 chromium: chromium-browser: out-of-bounds access in SQLite [fedora-all]↗2019-05-06

▶

Bugzilla

CVE-2019-5827 chromium: chromium-browser: out-of-bounds access in SQLite [epel-7]↗2019-05-06

▶