NULL Pointer Dereference in sqlite3

Do your applications use this vulnerable package? Test your applications

Overview

In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.

References

Debian Security Tracker
Fedora Security Update
Fedora Security Update
GENTOO
MISC
MISC
MISC
MISC
MISC
MLIST
Netapp Security Advisory
OpenSuse Security Announcement
Security Focus
UBUNTU
Ubuntu CVE Tracker

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

None
Integrity

None
Availability

High

CVE: CVE-2019-9937
CWE: CWE-476
Snyk ID: SNYK-UBUNTU1804-SQLITE3-449743
Disclosed: 22 Mar, 2019
Published: 22 Mar, 2019

NULL Pointer Dereference
Affecting sqlite3 package, versions <3.22.0-1ubuntu0.1

Overview

References

CVSS Score

NULL Pointer Dereference Affecting sqlite3 package, versions <3.22.0-1ubuntu0.1

Overview

References

NULL Pointer Dereference
Affecting sqlite3 package, versions <3.22.0-1ubuntu0.1