First published: Mon Sep 09 2019(Updated: )
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
SQLite SQLite | >=3.8.5<=3.29.0 | |
Netapp Active Iq Unified Manager Windows | >=7.3 | |
Netapp Active Iq Unified Manager Vmware Vsphere | >=9.5 | |
NetApp E-Series SANtricity OS Controller | >=11.0.0<=11.60.3 | |
NetApp OnCommand Insight | ||
NetApp OnCommand Workflow Automation | ||
NetApp ONTAP Select Deploy administration utility | ||
Netapp Santricity Unified Manager | ||
Netapp Steelstore Cloud Integrated Storage | ||
Canonical Ubuntu Linux | =12.04 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =19.04 | |
Canonical Ubuntu Linux | =19.10 | |
Fedoraproject Fedora | =30 | |
Debian Debian Linux | =9.0 | |
Tenable Nessus Agent | <=8.2.3 | |
Oracle Communications Design Studio | =7.3.4.3.0 | |
Oracle Communications Design Studio | =7.3.5.5.0 | |
Oracle Communications Design Studio | =7.4.0.4.0 | |
Oracle JDK | =1.8.0-update231 | |
Oracle JRE | =1.8.0-update231 | |
Oracle MySQL | >=8.0.0<=8.0.18 | |
Oracle Outside In Technology | =8.5.4 | |
Oracle Solaris | =11 | |
Oracle ZFS Storage Appliance | =8.8 | |
McAfee Policy Auditor | <6.5.1 | |
IBM Data Risk Manager | <=2.0.6 | |
debian/sqlite3 | 3.34.1-3 3.34.1-3+deb11u1 3.40.1-2+deb12u1 3.46.1-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-16168 is a vulnerability in SQLite that can cause a denial of service by crashing an application.
CVE-2019-16168 affects SQLite versions up to 3.29.0 and can be exploited by providing specially-crafted input.
CVE-2019-16168 has a severity rating of 6.5, which is considered medium.
SQLite versions up to 3.29.0 are affected by CVE-2019-16168.
Yes, the vulnerability can be fixed by updating SQLite to version 3.29.0 or higher.