Divide By Zero

Affecting sqlite package, versions <3.25.3-r2

Overview

Affected versions of this package are vulnerable to Divide By Zero. In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."

Remediation

Upgrade sqlite to version or higher.

CVSS Score

6.5 (medium severity)

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality: None
  • Integrity: None
  • Availability: High

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE: CVE-2019-16168
CWE: CWE-369
Snyk ID: SNYK-ALPINE38-SQLITE-1019956
Disclosed: 09 Sep, 2019
Published: 09 Sep, 2019