CVE-2019-19924 — MEDIUM (5.3)

Q: What is CVE-2019-19924?

CVE-2019-19924 is a vulnerability with a CVSS score of 5.3 (MEDIUM). SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.

Q: How severe is CVE-2019-19924?

CVE-2019-19924 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-19924?

Check the references section above for vendor advisories and patch information. Affected products include: Sqlite Sqlite, Siemens Sinec Infrastructure Network Services, Apache Bookkeeper, Oracle Mysql Workbench, Netapp Cloud Backup.

Vulnerability Description

SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Sqlite	Sqlite	3.30.1
Siemens	Sinec Infrastructure Network Services	< 1.0.1.1
Apache	Bookkeeper	4.12.1
Oracle	Mysql Workbench	<= 8.0.19
Netapp	Cloud Backup	-

Related Weaknesses (CWE)

CWE-755

References

https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdfPatchThird Party Advisory
https://github.com/sqlite/sqlite/commit/8654186b0236d556aa85528c2573ee0b6ab71be3PatchThird Party Advisory
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e3
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8
https://security.netapp.com/advisory/ntap-20200114-0003/Third Party Advisory
https://usn.ubuntu.com/4298-1/Broken Link
https://www.oracle.com/security-alerts/cpuapr2020.htmlPatchThird Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdfPatchThird Party Advisory
https://github.com/sqlite/sqlite/commit/8654186b0236d556aa85528c2573ee0b6ab71be3PatchThird Party Advisory
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e3
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8
https://security.netapp.com/advisory/ntap-20200114-0003/Third Party Advisory
https://usn.ubuntu.com/4298-1/Broken Link
https://www.oracle.com/security-alerts/cpuapr2020.htmlPatchThird Party Advisory

FAQ

What is CVE-2019-19924?

CVE-2019-19924 is a vulnerability with a CVSS score of 5.3 (MEDIUM). SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.

How severe is CVE-2019-19924?

CVE-2019-19924 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-19924?

Check the references section above for vendor advisories and patch information. Affected products include: Sqlite Sqlite, Siemens Sinec Infrastructure Network Services, Apache Bookkeeper, Oracle Mysql Workbench, Netapp Cloud Backup.