CVE-2019-8457

critical
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.

References

https://www.sqlite.org/src/info/90acdbfce9c08858

https://www.sqlite.org/releaselog/3_28_0.html

https://usn.ubuntu.com/4004-1/

https://usn.ubuntu.com/4004-2/

https://security.netapp.com/advisory/ntap-20190606-0002/

https://usn.ubuntu.com/4019-1/

https://usn.ubuntu.com/4019-2/

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00074.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/SJPFGA45DI4F5MCF2OAACGH3HQOF4G3M/

https://lists.fedoraproject.org/archives/list/[email protected]/message/OPKYSWCOM3CL66RI76TYVIG6TJ263RXH/

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

https://www.oracle.com/security-alerts/cpujan2020.html

https://www.oracle.com/security-alerts/cpuapr2020.html

https://www.oracle.com/security-alerts/cpujul2020.html

https://kc.mcafee.com/corporate/index?page=content&id=SB10365

Details

Source: MITRE

Published: 2019-05-30

Updated: 2021-07-31

Type: CWE-125

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:* versions from 3.6.0 to 3.27.2 (inclusive)

Configuration 2

OR

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*

Tenable Plugins

View all (23 total)

IDNameProductFamilySeverity
153643SUSE SLED12 / SLES12 Security Update : sqlite3 (SUSE-SU-2021:3215-1)NessusSuSE Local Security Checks
critical
145795CentOS 8 : sqlite (CESA-2020:1810)NessusCentOS Local Security Checks
critical
138774NewStart CGSL MAIN 6.01 : sqlite Multiple Vulnerabilities (NS-SA-2020-0031)NessusNewStart CGSL Local Security Checks
critical
136056RHEL 8 : sqlite (RHSA-2020:1810)NessusRed Hat Local Security Checks
critical
134746EulerOS Virtualization 3.0.2.2 : sqlite (EulerOS-SA-2020-1280)NessusHuawei Local Security Checks
critical
134496EulerOS Virtualization for ARM 64 3.0.2.0 : sqlite (EulerOS-SA-2020-1207)NessusHuawei Local Security Checks
critical
132942FreeBSD : MySQL -- Multiple vulerabilities (a6cf65ad-37d2-11ea-a1c7-b499baebfeaf)NessusFreeBSD Local Security Checks
critical
131615EulerOS 2.0 SP2 : sqlite (EulerOS-SA-2019-2461)NessusHuawei Local Security Checks
critical
131513EulerOS Virtualization for ARM 64 3.0.3.0 : sqlite (EulerOS-SA-2019-2348)NessusHuawei Local Security Checks
critical
129253EulerOS 2.0 SP3 : sqlite (EulerOS-SA-2019-2060)NessusHuawei Local Security Checks
critical
129185EulerOS 2.0 SP5 : sqlite (EulerOS-SA-2019-1991)NessusHuawei Local Security Checks
critical
128183EulerOS 2.0 SP8 : sqlite (EulerOS-SA-2019-1814)NessusHuawei Local Security Checks
critical
127506Fedora 29 : sqlite (2019-3377813d18)NessusFedora Local Security Checks
critical
127103Fedora 30 : sqlite (2019-02b81266b7)NessusFedora Local Security Checks
critical
126331openSUSE Security Update : sqlite3 (openSUSE-2019-1645)NessusSuSE Local Security Checks
critical
126210Photon OS 2.0: Sqlite PHSA-2019-2.0-0162NessusPhotonOS Local Security Checks
high
126208Photon OS 3.0: Sqlite PHSA-2019-3.0-0018NessusPhotonOS Local Security Checks
critical
126202Photon OS 1.0: Sqlite PHSA-2019-1.0-0237NessusPhotonOS Local Security Checks
high
126156SUSE SLED12 / SLES12 Security Update : sqlite3 (SUSE-SU-2019:1601-1)NessusSuSE Local Security Checks
critical
126065Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : SQLite vulnerabilities (USN-4019-1)NessusUbuntu Local Security Checks
critical
125986SUSE SLES12 Security Update : sqlite3 (SUSE-SU-2019:1522-1)NessusSuSE Local Security Checks
critical
125944SUSE SLES11 Security Update : sqlite3 (SUSE-SU-2019:14083-1)NessusSuSE Local Security Checks
critical
125720Ubuntu 14.04 LTS : db5.3 vulnerability (USN-4004-2)NessusUbuntu Local Security Checks
critical