CVE-2019-20218

HIGH

Sqlite < 8.0.19 - Improper Exception Handling

Title source: rule

Description

selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.

References (6)

[Patch, Third Party Advisory] https://github.com/sqlite/sqlite/commit/a6c1a71cde082e09750465d5675699062922e387

View Patch ZIP pw:eip

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2020/12/msg00016.html

[Third Party Advisory] https://security.gentoo.org/glsa/202007-26

[Third Party Advisory] https://usn.ubuntu.com/4298-1/

[Patch, Third Party Advisory] https://www.oracle.com/security-alerts/cpuapr2020.html

Scores

CVSS v3 7.5

EPSS 0.0040

EPSS Percentile 60.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-755

Status published

Affected Products (6)

sqlite/sqlite

debian/debian_linux

canonical/ubuntu_linux

canonical/ubuntu_linux

canonical/ubuntu_linux

oracle/mysql_workbench < 8.0.19

Timeline

Published Jan 02, 2020

Tracked Since Feb 18, 2026