CVE-2019-16168

medium

New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."

References

https://www.sqlite.org/src/timeline?c=98357d8c1263920b

https://www.mail-archive.com/[email protected]/msg116312.html

https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62

https://security.netapp.com/advisory/ntap-20190926-0003/

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00033.html

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00032.html

https://usn.ubuntu.com/4205-1/

https://lists.fedoraproject.org/archives/list/[email protected]/message/XZARJHJJDBHI7CE5PZEBXS5HKK6HXKW2/

https://www.oracle.com/security-alerts/cpujan2020.html

https://security.netapp.com/advisory/ntap-20200122-0003/

https://security.gentoo.org/glsa/202003-16

https://www.oracle.com/security-alerts/cpuapr2020.html

https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html

https://www.tenable.com/security/tns-2021-08

https://www.tenable.com/security/tns-2021-11

https://www.tenable.com/security/tns-2021-14

https://kc.mcafee.com/corporate/index?page=content&id=SB10365

Details

Source: MITRE

Published: 2019-09-09

Updated: 2021-07-31

Type: CWE-369

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 2.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:* versions from 3.8.5 to 3.29.0 (inclusive)

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions from 8.0.0 to 8.0.18 (inclusive)

cpe:2.3:a:oracle:outside_in_technology:8.5.4:*:*:*:*:*:*:*

cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*

cpe:2.3:o:oracle:zfs_storage_appliance:8.8:*:*:*:*:*:*:*

Tenable Plugins

View all (26 total)

ID	Name	Product	Family	Severity
153643	SUSE SLED12 / SLES12 Security Update : sqlite3 (SUSE-SU-2021:3215-1)	Nessus	SuSE Local Security Checks	critical
152986	Tenable SecurityCenter < 5.19.0 Multiple Vulnerabilities (TNS-2021-14)	Nessus	Misc.	high
151985	Tenable.sc < 5.19.0 Multiple Vulnerabilities (TNS-2021-14) (deprecated)	Nessus	Misc.	high
150798	Tenable Nessus 8.x.x < 8.15.0 Multiple Vulnerabilities (TNS-2021-11)	Nessus	Misc.	medium
149744	CentOS 8 : mingw packages (CESA-2021:1968)	Nessus	CentOS Local Security Checks	high
149666	RHEL 8 : mingw packages (RHSA-2021:1968)	Nessus	Red Hat Local Security Checks	high
148392	Tenable Nessus Agent < 8.2.4 Multiple Vulnerabilities (TNS-2021-08)	Nessus	Misc.	high
147397	NewStart CGSL MAIN 6.02 : sqlite Multiple Vulnerabilities (NS-SA-2021-0064)	Nessus	NewStart CGSL Local Security Checks	high
145815	CentOS 8 : sqlite (CESA-2020:4442)	Nessus	CentOS Local Security Checks	high
142752	Oracle Linux 8 : sqlite (ELSA-2020-4442)	Nessus	Oracle Linux Local Security Checks	high
142429	RHEL 8 : sqlite (RHSA-2020:4442)	Nessus	Red Hat Local Security Checks	high
134593	GLSA-202003-16 : SQLite: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
133096	Amazon Linux 2 : java-11-amazon-corretto (ALAS-2020-1387)	Nessus	Amazon Linux Local Security Checks	high
132992	Oracle Java SE 1.7.0_251 / 1.8.0_241 / 1.11.0_6 / 1.13.0_2 Multiple Vulnerabilities (Jan 2020 CPU)	Nessus	Windows	high
132960	Oracle Java SE 1.7.0_251 / 1.8.0_241 / 1.11.0_6 / 1.13.0_2 Multiple Vulnerabilities (Jan 2020 CPU) (Unix)	Nessus	Misc.	high
132958	MySQL 8.0.x < 8.0.19 Multiple Vulnerabilities (Jan 2020 CPU)	Nessus	Databases	critical
132833	EulerOS Virtualization for ARM 64 3.0.5.0 : sqlite (EulerOS-SA-2020-1079)	Nessus	Huawei Local Security Checks	critical
131715	Fedora 30 : sqlite (2019-b1636e0b70)	Nessus	Fedora Local Security Checks	medium
131561	Ubuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : sqlite3 vulnerabilities (USN-4205-1)	Nessus	Ubuntu Local Security Checks	high
130828	EulerOS 2.0 SP8 : sqlite (EulerOS-SA-2019-2119)	Nessus	Huawei Local Security Checks	medium
130205	Photon OS 2.0: Sqlite PHSA-2019-2.0-0184	Nessus	PhotonOS Local Security Checks	medium
129745	openSUSE Security Update : sqlite3 (openSUSE-2019-2300)	Nessus	SuSE Local Security Checks	medium
129744	openSUSE Security Update : sqlite3 (openSUSE-2019-2298)	Nessus	SuSE Local Security Checks	medium
129582	SUSE SLED12 / SLES12 Security Update : sqlite3 (SUSE-SU-2019:2536-1)	Nessus	SuSE Local Security Checks	medium
129581	SUSE SLED15 / SLES15 Security Update : sqlite3 (SUSE-SU-2019:2533-1)	Nessus	SuSE Local Security Checks	medium
129165	Photon OS 3.0: Sqlite PHSA-2019-3.0-0030	Nessus	PhotonOS Local Security Checks	medium

CVE-2019-16168

medium

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Configuration 4

Configuration 5

Configuration 6

Configuration 7

Tenable Plugins

critical

high

high

medium

high

high

high

high

high

high

high

high

high

high

high

critical

critical

medium

high

medium

medium

medium

medium

medium

medium

medium