CVE-2019-8457 — Out-of-bounds Read in SQLite
Severity
9.8 CRITICAL (NVD)
EPSS
26.8%
top 3.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: May 30
Latest update: May 24
Description
SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9
Affected Packages: 4 packages
Also affects: Fedora 29, 30, Ubuntu Linux 14.04, 16.04, 18.04, 18.10, 19.04
Vulnerability Details (4)
Vendor Advisories (10)
Android
CVE-2019-8457: Android Security Bulletin 2020-04-01
CVE: CVE-2019-8457
Severity: HIGH
Type: ID
Affected AOSP versions: 8
2020-04-01
Oracle
Community (5)
Bugzilla
CVE-2019-8457 sqlite: sqlite3: heap out-of-bound read in function rtreenode() [fedora-all] (2019-06-11)
Bugzilla
Bugzilla
CVE-2019-8457 sqlite3-dbf: sqlite3: heap out-of-bound read in function rtreenode() [fedora-all] (2019-06-04)
Bugzilla
CVE-2019-8457 sqlite3-dbf: sqlite3: heap out-of-bound read in function rtreenode() [epel-all] (2019-06-04)