CVE-2019-19645

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.

References

https://github.com/sqlite/sqlite/commit/38096961c7cd109110ac21d3ed7dad7e0cb0ae06

https://security.netapp.com/advisory/ntap-20191223-0001/

https://www.oracle.com/security-alerts/cpuapr2020.html

https://usn.ubuntu.com/4394-1/

Details

Source: MITRE

Published: 2019-12-09

Updated: 2021-07-22

Type: CWE-674

Risk Information

CVSS v2

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

CVSS v3

Base Score: 5.5

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:* versions up to 3.30.1 (inclusive)

Tenable Plugins

View all (9 total)

IDNameProductFamilySeverity
153643SUSE SLED12 / SLES12 Security Update : sqlite3 (SUSE-SU-2021:3215-1)NessusSuSE Local Security Checks
critical
152986Tenable SecurityCenter < 5.19.0 Multiple Vulnerabilities (TNS-2021-14)NessusMisc.
high
151985Tenable.sc < 5.19.0 Multiple Vulnerabilities (TNS-2021-14) (deprecated)NessusMisc.
high
151816openSUSE 15 Security Update : sqlite3 (openSUSE-SU-2021:1058-1)NessusSuSE Local Security Checks
critical
151748openSUSE 15 Security Update : sqlite3 (openSUSE-SU-2021:2320-1)NessusSuSE Local Security Checks
critical
151654SUSE SLED15 / SLES15 Security Update : sqlite3 (SUSE-SU-2021:2320-1)NessusSuSE Local Security Checks
critical
137353Ubuntu 16.04 LTS / 18.04 LTS / 19.10 / 20.04 : SQLite vulnerabilities (USN-4394-1)NessusUbuntu Local Security Checks
high
132989Photon OS 2.0: Sqlite PHSA-2020-2.0-0200NessusPhotonOS Local Security Checks
high
132984Photon OS 1.0: Sqlite PHSA-2020-1.0-0264NessusPhotonOS Local Security Checks
critical