CVE-2019-19959 in sqlite3

Do your applications use this vulnerable package? Test your applications

Overview

ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind.

References

Debian Security Tracker
GitHub Commit
GitHub Commit
N/A
Netapp Security Advisory
UBUNTU
Ubuntu CVE Tracker

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

None
Integrity

High
Availability

None

CVE-2019-19959
Affecting sqlite3 package, versions <3.27.2-3+deb10u1

Overview

References

CVSS Score

CVE-2019-19959 Affecting sqlite3 package, versions <3.27.2-3+deb10u1

Overview

References

CVE-2019-19959
Affecting sqlite3 package, versions <3.27.2-3+deb10u1