CVE-2019-9937
published 2019-03-22CVE-2019-9937: In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate…
high7.5CVSS 3.0
AVNACLPRNUINSUCNINAH
In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | sqlite3 | < sqlite3 3.27.2-2 (bookworm) | sqlite3 3.27.2-2 (bookworm) |
| ghost | sqlite3 | >= 0 < 3.27.2-2 | 3.27.2-2 |
| ghost | sqlite3 | >= 0 < 3.27.2-2 | 3.27.2-2 |
| ghost | sqlite3 | >= 0 < 3.27.2-2 | 3.27.2-2 |
| ghost | sqlite3 | >= 0 < 3.27.2-2 | 3.27.2-2 |
| ghost | sqlite3 | >= 0 < 3.11.0-1ubuntu1.2 | 3.11.0-1ubuntu1.2 |
| ghost | sqlite3 | >= 0 < 3.22.0-1ubuntu0.1 | 3.22.0-1ubuntu0.1 |
| sqlite | sqlite | — | — |
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv7.5HIGH