CVE-2019-19242

MEDIUM

SQLite <3.30.1 - Info Disclosure

Title source: llm
STIX 2.1

Description

SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.

References (4)

Core 4
Core References
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4205-1/
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuapr2020.html
Patch, Third Party Advisory x_refsource_confirm
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

Scores

CVSS v3 5.9
EPSS 0.0020
EPSS Percentile 41.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-476
Status published
Products (9)
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 18.04
canonical/ubuntu_linux 19.04
canonical/ubuntu_linux 19.10
oracle/mysql_workbench < 8.0.19
redhat/enterprise_linux 8.0
siemens/sinec_infrastructure_network_services < 1.0.1.1
sqlite/sqlite 3.30.1
Published Nov 27, 2019
Tracked Since Feb 18, 2026