| Summary: | <dev-db/sqlite-3.31.0: Multiple vulnerabilities (CVE-2019-{19244,19242,19317,19603,20218}) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | major | CC: | arfrever.fta, floppym |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| See Also: | https://bugs.gentoo.org/show_bug.cgi?id=716748 | ||
| Whiteboard: | A2 [glsa+ cve] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 711526 | ||
| Bug Blocks: | |||
|
Description
GLSAMaker/CVETool Bot
2020-04-17 05:47:41 UTC
CVE-2019-19603 (https://nvd.nist.gov/vuln/detail/CVE-2019-19603): SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash. CVE-2019-19317 (https://nvd.nist.gov/vuln/detail/CVE-2019-19317): lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact. CVE-2019-19244 (https://nvd.nist.gov/vuln/detail/CVE-2019-19244): sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage. CVE-2019-19242 (https://nvd.nist.gov/vuln/detail/CVE-2019-19242): SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c. Repository is clean, all done. |