CVE-2019-16168
MEDIUM
SQLite < 3.29.0 - Denial of Service via Missing Validation in Query Planner
Title source: llm
Description
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."
References (17)
Core References
Mailing List x_refsource_misc
https://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg116312.html
Patch, Vendor Advisory x_refsource_misc
https://www.sqlite.org/src/timeline?c=98357d8c1263920b
Vendor Advisory x_refsource_misc
https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20190926-0003/
Broken Link vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00033.html
Broken Link vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00032.html
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4205-1/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XZARJHJJDBHI7CE5PZEBXS5HKK6HXKW2/
Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpujan2020.html
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20200122-0003/
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/202003-16
Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuapr2020.html
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html
Third Party Advisory x_refsource_confirm
https://www.tenable.com/security/tns-2021-08
Third Party Advisory x_refsource_confirm
https://www.tenable.com/security/tns-2021-11
Third Party Advisory x_refsource_confirm
https://www.tenable.com/security/tns-2021-14
Third Party Advisory x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10365
Scores
CVSS v3
6.5
EPSS
0.0084
EPSS Percentile
75.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-369
Status
published
Products (27)
canonical/ubuntu_linux
12.04
canonical/ubuntu_linux
16.04
canonical/ubuntu_linux
18.04
canonical/ubuntu_linux
19.04
canonical/ubuntu_linux
19.10
debian/debian_linux
9.0
fedoraproject/fedora
30
mcafee/policy_auditor
< 6.5.1
netapp/active_iq_unified_manager
7.3
netapp/active_iq_unified_manager
9.5
... and 17 more
Published
Sep 09, 2019
Tracked Since
Feb 18, 2026