CVE-2019-19880

high

Description

exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.

References

Advisories

https://www.oracle.com/security-alerts/cpuapr2020.html

https://www.debian.org/security/2020/dsa-4638

https://usn.ubuntu.com/4298-1/

https://security.netapp.com/advisory/ntap-20200114-0001/

https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54

https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

https://access.redhat.com/errata/RHSA-2020:0514

http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html

http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html

http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html

Details

Source: Mitre, NVD

Published: 2019-12-18

Updated: 2022-04-15

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High

EPSS

EPSS: 0.1124

Detections

Analytics