NULL Pointer Dereference
Affecting sqlite3 package, versions <3.22.0-1ubuntu0.3
Report new vulnerabilities
Do your applications use this vulnerable package?
Test your applications
Overview
flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).
References
CVSS Score
7.5
medium severity
-
Attack VectorNetwork
-
Attack ComplexityLow
-
Privileges RequiredNone
-
User InteractionNone
-
ScopeUnchanged
-
ConfidentialityNone
-
IntegrityNone
-
AvailabilityHigh
- CVE
- CVE-2019-19923
- CWE
- CWE-476
- Snyk ID
- SNYK-UBUNTU1804-SQLITE3-557174
- Disclosed
- 24 Dec, 2019
- Published
- 24 Dec, 2019