First published: Wed Dec 18 2019
exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
SQLite SQLite | =3.30.1 | |
Netapp Cloud Backup | | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
Suse Package Hub | | |
SUSE Linux Enterprise | =12.0 | |
Redhat Enterprise Linux Desktop | =6.0 | |
Redhat Enterprise Linux Server | =6.0 | |
Redhat Enterprise Linux Workstation | =6.0 | |
openSUSE Backports SLE | =15.0-sp1 | |
openSUSE Leap | =15.1 | |
Oracle Mysql Workbench | <=8.0.19 | |
Siemens Sinec Infrastructure Network Services | <1.0.1.1 | |
All of | | |
Suse Package Hub | | |
SUSE Linux Enterprise | =12.0 | |
IBM Data Risk Manager | <=2.0.6 | |
debian/chromium | 120.0.6099.224-1~deb11u1 128.0.6613.84-1~deb12u1 129.0.6668.100-1~deb12u1 129.0.6668.89-1 129.0.6668.100-2 | |
debian/sqlite3 | 3.34.1-3 3.34.1-3+deb11u1 3.40.1-2 3.46.0-1 3.46.1-1 | |
CVE-2019-19880 is a vulnerability in SQLite that allows attackers to trigger an invalid pointer dereference, leading to a denial of service.
CVE-2019-19880 has a severity score of 7.5 out of 10, indicating high severity.
CVE-2019-19880 affects IBM Data Risk Manager, Debian, Chromium, SQLite, SQLite3, Netapp Cloud Backup, Suse Package Hub, SUSE Linux Enterprise, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Workstation, openSUSE Backports SLE, openSUSE Leap, Oracle MySQL Workbench, Siemens Sinec Infrastructure Network Services, and Ubuntu.
To fix CVE-2019-19880 in IBM Data Risk Manager, update to version 2.0.6 or later. Apply the patch provided by IBM: [IBM Security Fix Central](https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.4.1&platform=Linux&function=all)
To fix CVE-2019-19880 in Debian, update the 'sqlite' or 'sqlite3' package to the latest version available. Check the Debian security advisory for detailed information.