REDHAT-BUG-1789364: SQL Injection
First published: Thu Jan 09 2020(Updated: )
multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for <a href="https://access.redhat.com/security/cve/CVE-2019-19880">CVE-2019-19880</a>. Upstream commit: <a href="https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089">https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SQLite JDBC |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/security/cve/CVE-2019-19880
- https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1789374
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1789365
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1789377
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1789367
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1789371
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1789375
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1789372
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1789376
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1789368
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1789373
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1789369
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1789381
- https://access.redhat.com/security/cve/cve-2019-19926
- https://access.redhat.com/errata/RHSA-2020:0514
- https://bugzilla.redhat.com/show_bug.cgi?id=1789364
Frequently Asked Questions
What is the severity of REDHAT-BUG-1789364?
The severity of REDHAT-BUG-1789364 is classified as a medium risk due to the potential for mishandled errors during parsing.
How can I fix REDHAT-BUG-1789364?
To fix REDHAT-BUG-1789364, upgrade to the latest version of SQLite that addresses this vulnerability.
What causes the vulnerabilities in REDHAT-BUG-1789364?
REDHAT-BUG-1789364 is caused by an incomplete fix for a prior vulnerability in SQLite, leading to improper error handling.
Which versions of SQLite are affected by REDHAT-BUG-1789364?
SQLite 3.30.1 is specifically mentioned as having the vulnerability associated with REDHAT-BUG-1789364.
Is REDHAT-BUG-1789364 related to any other vulnerabilities?
Yes, REDHAT-BUG-1789364 is related to CVE-2019-19880, as it stems from an incomplete fix for that vulnerability.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-19926
- agent/severity
- agent/references
- agent/weakness
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/sqlite
- canonical/sqlite