Vulnerability Description
ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sqlite | Sqlite | 3.30.1 |
| Canonical | Ubuntu Linux | 16.04 |
References
- https://github.com/sqlite/sqlite/commit/1e490c4ca6b43a9cf8637d695907888349f69becThird Party Advisory
- https://github.com/sqlite/sqlite/commit/d8f2d46cbc9925e034a68aaaf60aad788d9373c1PatchThird Party Advisory
- https://security.netapp.com/advisory/ntap-20200204-0001/Third Party Advisory
- https://usn.ubuntu.com/4298-1/Third Party Advisory
- https://www.oracle.com/security-alerts/cpuapr2020.htmlThird Party Advisory
- https://github.com/sqlite/sqlite/commit/1e490c4ca6b43a9cf8637d695907888349f69becThird Party Advisory
- https://github.com/sqlite/sqlite/commit/d8f2d46cbc9925e034a68aaaf60aad788d9373c1PatchThird Party Advisory
- https://security.netapp.com/advisory/ntap-20200204-0001/Third Party Advisory
- https://usn.ubuntu.com/4298-1/Third Party Advisory
- https://www.oracle.com/security-alerts/cpuapr2020.htmlThird Party Advisory
FAQ
What is CVE-2019-19959?
CVE-2019-19959 is a vulnerability with a CVSS score of 7.5 (HIGH). ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (...
How severe is CVE-2019-19959?
CVE-2019-19959 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-19959?
Check the references section above for vendor advisories and patch information. Affected products include: Sqlite Sqlite, Canonical Ubuntu Linux.