CVE-2019-19317

CRITICAL

SQLite 3.30.1 - Denial of Service via Generated Column Bitmask Handling

Title source: llm

Description

lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.

References (5)

Core 5

Core References

Patch, Third Party Advisory x_refsource_misc

https://github.com/sqlite/sqlite/commit/73bacb7f93eab9f4bd5a65cbc4ae242acf63c9e3

View Patch ZIP pw:eip

Patch, Third Party Advisory x_refsource_misc

https://github.com/sqlite/sqlite/commit/522ebfa7cee96fb325a22ea3a2464a63485886a8

View Patch ZIP pw:eip

Third Party Advisory x_refsource_confirm

https://security.netapp.com/advisory/ntap-20191223-0001/

Patch, Third Party Advisory x_refsource_misc

https://www.oracle.com/security-alerts/cpuapr2020.html

Third Party Advisory x_refsource_confirm

https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

Scores

CVSS v3 9.8

EPSS 0.0428

EPSS Percentile 89.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-681

Status published

Products (5)

netapp/cloud_backup

netapp/ontap_select_deploy_administration_utility

oracle/mysql_workbench < 8.0.19

siemens/sinec_infrastructure_network_services < 1.0.1.1

sqlite/sqlite 3.30.1

Published Dec 05, 2019

Tracked Since Feb 18, 2026