CVE-2019-9936
published 2019-03-22CVE-2019-9936: In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may…
high7.5CVSS 3.0
AVNACLPRNUINSUCHINAN
In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | sqlite3 | < sqlite3 3.27.2-2 (bookworm) | sqlite3 3.27.2-2 (bookworm) |
| ghost | sqlite3 | >= 0 < 3.27.2-2 | 3.27.2-2 |
| ghost | sqlite3 | >= 0 < 3.27.2-2 | 3.27.2-2 |
| ghost | sqlite3 | >= 0 < 3.27.2-2 | 3.27.2-2 |
| ghost | sqlite3 | >= 0 < 3.27.2-2 | 3.27.2-2 |
| ghost | sqlite3 | >= 0 < 3.11.0-1ubuntu1.2 | 3.11.0-1ubuntu1.2 |
| ghost | sqlite3 | >= 0 < 3.22.0-1ubuntu0.1 | 3.22.0-1ubuntu0.1 |
| android | — | — | |
| sqlite | sqlite | — | — |
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
osv7.5HIGH