CVE-2019-19880

Sažetak

exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.

Reference

https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54
https://security.netapp.com/advisory/ntap-20200114-0001/
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html
https://access.redhat.com/errata/RHSA-2020:0514
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html
https://www.debian.org/security/2020/dsa-4638
https://usn.ubuntu.com/4298-1/
https://www.oracle.com/security-alerts/cpuapr2020.html
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:N/A:P

Zadnje važnije ažuriranje

15-04-2022 - 16:16

Objavljeno

18-12-2019 - 06:15