CVE-2019-8457 — CRITICAL (9.8)

Q: What is CVE-2019-8457?

CVE-2019-8457 is a vulnerability with a CVSS score of 9.8 (CRITICAL). SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.

Q: How severe is CVE-2019-8457?

CVE-2019-8457 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2019-8457?

Check the references section above for vendor advisories and patch information. Affected products include: Sqlite Sqlite, Canonical Ubuntu Linux, Fedoraproject Fedora, Opensuse Leap.

Vulnerability Description

SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Sqlite	Sqlite	>= 3.6.0, <= 3.27.2
Canonical	Ubuntu Linux	14.04
Fedoraproject	Fedora	29
Opensuse	Leap	42.3

Related Weaknesses (CWE)

CWE-125

References

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00074.htmlThird Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10365
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://security.netapp.com/advisory/ntap-20190606-0002/Third Party Advisory
https://usn.ubuntu.com/4004-1/Third Party Advisory
https://usn.ubuntu.com/4004-2/Third Party Advisory
https://usn.ubuntu.com/4019-1/Third Party Advisory
https://usn.ubuntu.com/4019-2/Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlPatchThird Party Advisory
https://www.sqlite.org/releaselog/3_28_0.htmlRelease NotesVendor Advisory
https://www.sqlite.org/src/info/90acdbfce9c08858PatchVendor Advisory

FAQ

What is CVE-2019-8457?

CVE-2019-8457 is a vulnerability with a CVSS score of 9.8 (CRITICAL). SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.

How severe is CVE-2019-8457?

CVE-2019-8457 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2019-8457?

Check the references section above for vendor advisories and patch information. Affected products include: Sqlite Sqlite, Canonical Ubuntu Linux, Fedoraproject Fedora, Opensuse Leap.