CVE-2019-19645 — MEDIUM (5.5)

Q: What is CVE-2019-19645?

CVE-2019-19645 is a vulnerability with a CVSS score of 5.5 (MEDIUM). alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.

Q: How severe is CVE-2019-19645?

CVE-2019-19645 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-19645?

Check the references section above for vendor advisories and patch information. Affected products include: Sqlite Sqlite, Netapp Cloud Backup, Netapp Ontap Select Deploy Administration Utility, Oracle Mysql Workbench, Tenable Tenable.Sc.

Vulnerability Description

alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Sqlite	Sqlite	<= 3.30.1
Netapp	Cloud Backup	-
Netapp	Ontap Select Deploy Administration Utility	-
Oracle	Mysql Workbench	<= 8.0.19
Tenable	Tenable.Sc	< 5.19.0
Siemens	Sinec Infrastructure Network Services	< 1.0.1.1

Related Weaknesses (CWE)

CWE-674

References

https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdfPatchThird Party Advisory
https://github.com/sqlite/sqlite/commit/38096961c7cd109110ac21d3ed7dad7e0cb0ae06PatchThird Party Advisory
https://security.netapp.com/advisory/ntap-20191223-0001/Third Party Advisory
https://usn.ubuntu.com/4394-1/Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2020.htmlPatchThird Party Advisory
https://www.tenable.com/security/tns-2021-14Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdfPatchThird Party Advisory
https://github.com/sqlite/sqlite/commit/38096961c7cd109110ac21d3ed7dad7e0cb0ae06PatchThird Party Advisory
https://security.netapp.com/advisory/ntap-20191223-0001/Third Party Advisory
https://usn.ubuntu.com/4394-1/Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2020.htmlPatchThird Party Advisory
https://www.tenable.com/security/tns-2021-14Third Party Advisory

FAQ

What is CVE-2019-19645?

CVE-2019-19645 is a vulnerability with a CVSS score of 5.5 (MEDIUM). alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.

How severe is CVE-2019-19645?

CVE-2019-19645 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-19645?

Check the references section above for vendor advisories and patch information. Affected products include: Sqlite Sqlite, Netapp Cloud Backup, Netapp Ontap Select Deploy Administration Utility, Oracle Mysql Workbench, Tenable Tenable.Sc.