Do your applications use this vulnerable package?
Test your applications
Overview
SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.
References
- CVE Details
- Debian Security Tracker
- Fedora Security Update
- Fedora Security Update
- MISC
- MISC
- MISC
- MISC
- N/A
- Netapp Security Advisory
- OpenSuse Security Announcement
- Oracle Security Advisory
- Ubuntu CVE Tracker
- Ubuntu Security Advisory
- Ubuntu Security Advisory
- Ubuntu Security Advisory
- Ubuntu Security Advisory
CVSS Score
9.8
high severity
-
Attack VectorNetwork
-
Attack ComplexityLow
-
Privileges RequiredNone
-
User InteractionNone
-
ScopeUnchanged
-
ConfidentialityHigh
-
IntegrityHigh
-
AvailabilityHigh
- CVE
- CVE-2019-8457
- CWE
- CWE-125
- Snyk ID
- SNYK-ALPINE38-SQLITE-458494
- Disclosed
- 30 May, 2019
- Published
- 30 May, 2019