Lucene search

K
cveMitreCVE-2019-16168
HistorySep 09, 2019 - 5:15 p.m.

CVE-2019-16168

2019-09-0917:15:13
CWE-369
mitre
web.nvd.nist.gov
356
9
sqlite
3.29.0
whereloopaddbtreeindex
sqlite3.c
crash
division by zero
query planner

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

7

Confidence

High

EPSS

0.004

Percentile

75.0%

In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a “severe division by zero in the query planner.”

Affected configurations

Nvd
Node
sqlitesqliteRange3.8.53.29.0
Node
netappactive_iq_unified_managerRange7.3windows
OR
netappactive_iq_unified_managerRange9.5vmware_vsphere
OR
netappe-series_santricity_os_controllerRange11.0.011.60.3
OR
netapponcommand_insightMatch-
OR
netapponcommand_workflow_automationMatch-
OR
netappontap_select_deploy_administration_utilityMatch-
OR
netappsantricity_unified_managerMatch-
OR
netappsteelstore_cloud_integrated_storageMatch-
Node
canonicalubuntu_linuxMatch12.04
OR
canonicalubuntu_linuxMatch16.04lts
OR
canonicalubuntu_linuxMatch18.04lts
OR
canonicalubuntu_linuxMatch19.04
OR
canonicalubuntu_linuxMatch19.10
Node
fedoraprojectfedoraMatch30
Node
debiandebian_linuxMatch9.0
Node
tenablenessus_agentRange8.2.3
Node
oraclecommunications_design_studioMatch7.3.4.3.0
OR
oraclecommunications_design_studioMatch7.3.5.5.0
OR
oraclecommunications_design_studioMatch7.4.0.4.0
OR
oraclejdkMatch1.8.0update231
OR
oraclejreMatch1.8.0update231
OR
oraclemysqlRange8.0.08.0.18
OR
oracleoutside_in_technologyMatch8.5.4
OR
oraclesolarisMatch11
OR
oraclezfs_storage_applianceMatch8.8
Node
mcafeepolicy_auditorRange<6.5.1
VendorProductVersionCPE
sqlitesqlite*cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*
netappactive_iq_unified_manager*cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*
netappactive_iq_unified_manager*cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
netappe-series_santricity_os_controller*cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
netapponcommand_insight-cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
netapponcommand_workflow_automation-cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
netappontap_select_deploy_administration_utility-cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
netappsantricity_unified_manager-cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*
netappsteelstore_cloud_integrated_storage-cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
canonicalubuntu_linux12.04cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:*:*:*:*
Rows per page:
1-10 of 271

References

Social References

More

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

7

Confidence

High

EPSS

0.004

Percentile

75.0%