7.5
CWE
89 476
Advisory Published
Updated

CVE-2019-19880: SQL Injection

First published: Wed Dec 18 2019(Updated: )

exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.

Credit: cve@mitre.org cve@mitre.org

Affected SoftwareAffected VersionHow to fix
SQLite SQLite=3.30.1
Netapp Cloud Backup
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Suse Package Hub
SUSE Linux Enterprise=12.0
Redhat Enterprise Linux Desktop=6.0
Redhat Enterprise Linux Server=6.0
Redhat Enterprise Linux Workstation=6.0
openSUSE Backports SLE=15.0-sp1
openSUSE Leap=15.1
Oracle Mysql Workbench<=8.0.19
Siemens Sinec Infrastructure Network Services<1.0.1.1
All of
Suse Package Hub
SUSE Linux Enterprise=12.0
IBM Data Risk Manager<=2.0.6
debian/chromium
120.0.6099.224-1~deb11u1
128.0.6613.84-1~deb12u1
129.0.6668.100-1~deb12u1
129.0.6668.89-1
129.0.6668.100-2
debian/sqlite3
3.34.1-3
3.34.1-3+deb11u1
3.40.1-2
3.46.0-1
3.46.1-1

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

  • What is CVE-2019-19880?

    CVE-2019-19880 is a vulnerability in SQLite that allows attackers to trigger an invalid pointer dereference, leading to a denial of service.

  • How severe is CVE-2019-19880?

    CVE-2019-19880 has a severity score of 7.5 out of 10, indicating a high severity.

  • Which software products are affected by CVE-2019-19880?

    IBM Data Risk Manager, Debian, Chromium, SQLite, SQLite3, Netapp Cloud Backup, Suse Package Hub, SUSE Linux Enterprise, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Workstation, openSUSE Backports SLE, openSUSE Leap, Oracle MySQL Workbench, Siemens Sinec Infrastructure Network Services, and Ubuntu.

  • How can I fix CVE-2019-19880 in IBM Data Risk Manager?

    To fix CVE-2019-19880 in IBM Data Risk Manager, update to version 2.0.6 or later. Apply the patch provided by IBM: [IBM Security Fix Central](https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.4.1&platform=Linux&function=all)

  • How can I fix CVE-2019-19880 in Debian?

    To fix CVE-2019-19880 in Debian, update the 'sqlite' or 'sqlite3' package to the latest version available. Check the Debian security advisory for detailed information.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203