Vulnerability Details CVE-2019-8457
SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.278
EPSS Ranking 96.2%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00074.html
- https://kc.mcafee.com/corporate/index?page=content&id=SB10365
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPKYSWCOM3CL66RI76TYVIG6TJ263RXH/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SJPFGA45DI4F5MCF2OAACGH3HQOF4G3M/
- https://security.netapp.com/advisory/ntap-20190606-0002/
- https://usn.ubuntu.com/4004-1/
- https://usn.ubuntu.com/4004-2/
- https://usn.ubuntu.com/4019-1/
- https://usn.ubuntu.com/4019-2/
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://www.sqlite.org/releaselog/3_28_0.html
- https://www.sqlite.org/src/info/90acdbfce9c08858
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00074.html
- https://kc.mcafee.com/corporate/index?page=content&id=SB10365
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPKYSWCOM3CL66RI76TYVIG6TJ263RXH/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SJPFGA45DI4F5MCF2OAACGH3HQOF4G3M/
- https://security.netapp.com/advisory/ntap-20190606-0002/
- https://usn.ubuntu.com/4004-1/
- https://usn.ubuntu.com/4004-2/
- https://usn.ubuntu.com/4019-1/
- https://usn.ubuntu.com/4019-2/
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://www.sqlite.org/releaselog/3_28_0.html
- https://www.sqlite.org/src/info/90acdbfce9c08858
Products affected by CVE-2019-8457
-
cpe:2.3:a:sqlite:sqlite:3.10.0
-
cpe:2.3:a:sqlite:sqlite:3.10.1
-
cpe:2.3:a:sqlite:sqlite:3.10.2
-
cpe:2.3:a:sqlite:sqlite:3.11.0
-
cpe:2.3:a:sqlite:sqlite:3.11.1
-
cpe:2.3:a:sqlite:sqlite:3.12.0
-
cpe:2.3:a:sqlite:sqlite:3.12.1
-
cpe:2.3:a:sqlite:sqlite:3.12.2
-
cpe:2.3:a:sqlite:sqlite:3.13.0
-
cpe:2.3:a:sqlite:sqlite:3.14
-
cpe:2.3:a:sqlite:sqlite:3.14.1
-
cpe:2.3:a:sqlite:sqlite:3.14.2
-
cpe:2.3:a:sqlite:sqlite:3.15.0
-
cpe:2.3:a:sqlite:sqlite:3.15.1
-
cpe:2.3:a:sqlite:sqlite:3.15.2
-
cpe:2.3:a:sqlite:sqlite:3.16.0
-
cpe:2.3:a:sqlite:sqlite:3.16.1
-
cpe:2.3:a:sqlite:sqlite:3.16.2
-
cpe:2.3:a:sqlite:sqlite:3.17.0
-
cpe:2.3:a:sqlite:sqlite:3.18.0
-
cpe:2.3:a:sqlite:sqlite:3.18.1
-
cpe:2.3:a:sqlite:sqlite:3.18.2
-
cpe:2.3:a:sqlite:sqlite:3.19.0
-
cpe:2.3:a:sqlite:sqlite:3.19.1
-
cpe:2.3:a:sqlite:sqlite:3.19.2
-
cpe:2.3:a:sqlite:sqlite:3.19.3
-
cpe:2.3:a:sqlite:sqlite:3.20.0
-
cpe:2.3:a:sqlite:sqlite:3.20.1
-
cpe:2.3:a:sqlite:sqlite:3.21.0
-
cpe:2.3:a:sqlite:sqlite:3.22.0
-
cpe:2.3:a:sqlite:sqlite:3.23.0
-
cpe:2.3:a:sqlite:sqlite:3.23.1
-
cpe:2.3:a:sqlite:sqlite:3.24.0
-
cpe:2.3:a:sqlite:sqlite:3.25.0
-
cpe:2.3:a:sqlite:sqlite:3.25.02
-
cpe:2.3:a:sqlite:sqlite:3.25.1
-
cpe:2.3:a:sqlite:sqlite:3.25.2
-
cpe:2.3:a:sqlite:sqlite:3.25.3
-
cpe:2.3:a:sqlite:sqlite:3.26.0
-
cpe:2.3:a:sqlite:sqlite:3.27.0
-
cpe:2.3:a:sqlite:sqlite:3.27.1
-
cpe:2.3:a:sqlite:sqlite:3.27.2
-
cpe:2.3:a:sqlite:sqlite:3.6.0
-
cpe:2.3:a:sqlite:sqlite:3.6.1
-
cpe:2.3:a:sqlite:sqlite:3.6.10
-
cpe:2.3:a:sqlite:sqlite:3.6.11
-
cpe:2.3:a:sqlite:sqlite:3.6.12
-
cpe:2.3:a:sqlite:sqlite:3.6.13
-
cpe:2.3:a:sqlite:sqlite:3.6.14
-
cpe:2.3:a:sqlite:sqlite:3.6.14.1
-
cpe:2.3:a:sqlite:sqlite:3.6.14.2
-
cpe:2.3:a:sqlite:sqlite:3.6.15
-
cpe:2.3:a:sqlite:sqlite:3.6.16
-
cpe:2.3:a:sqlite:sqlite:3.6.16.1
-
cpe:2.3:a:sqlite:sqlite:3.6.17
-
cpe:2.3:a:sqlite:sqlite:3.6.18
-
cpe:2.3:a:sqlite:sqlite:3.6.19
-
cpe:2.3:a:sqlite:sqlite:3.6.2
-
cpe:2.3:a:sqlite:sqlite:3.6.20
-
cpe:2.3:a:sqlite:sqlite:3.6.21
-
cpe:2.3:a:sqlite:sqlite:3.6.22
-
cpe:2.3:a:sqlite:sqlite:3.6.23
-
cpe:2.3:a:sqlite:sqlite:3.6.23.1
-
cpe:2.3:a:sqlite:sqlite:3.6.3
-
cpe:2.3:a:sqlite:sqlite:3.6.4
-
cpe:2.3:a:sqlite:sqlite:3.6.5
-
cpe:2.3:a:sqlite:sqlite:3.6.6
-
cpe:2.3:a:sqlite:sqlite:3.6.6.1
-
cpe:2.3:a:sqlite:sqlite:3.6.6.2
-
cpe:2.3:a:sqlite:sqlite:3.6.7
-
cpe:2.3:a:sqlite:sqlite:3.6.8
-
cpe:2.3:a:sqlite:sqlite:3.6.9
-
cpe:2.3:a:sqlite:sqlite:3.7.0
-
cpe:2.3:a:sqlite:sqlite:3.7.0.1
-
cpe:2.3:a:sqlite:sqlite:3.7.1
-
cpe:2.3:a:sqlite:sqlite:3.7.10
-
cpe:2.3:a:sqlite:sqlite:3.7.11
-
cpe:2.3:a:sqlite:sqlite:3.7.12
-
cpe:2.3:a:sqlite:sqlite:3.7.12.1
-
cpe:2.3:a:sqlite:sqlite:3.7.13
-
cpe:2.3:a:sqlite:sqlite:3.7.14
-
cpe:2.3:a:sqlite:sqlite:3.7.14.1
-
cpe:2.3:a:sqlite:sqlite:3.7.15
-
cpe:2.3:a:sqlite:sqlite:3.7.15.1
-
cpe:2.3:a:sqlite:sqlite:3.7.15.2
-
cpe:2.3:a:sqlite:sqlite:3.7.16
-
cpe:2.3:a:sqlite:sqlite:3.7.16.1
-
cpe:2.3:a:sqlite:sqlite:3.7.16.2
-
cpe:2.3:a:sqlite:sqlite:3.7.17
-
cpe:2.3:a:sqlite:sqlite:3.7.2
-
cpe:2.3:a:sqlite:sqlite:3.7.3
-
cpe:2.3:a:sqlite:sqlite:3.7.4
-
cpe:2.3:a:sqlite:sqlite:3.7.5
-
cpe:2.3:a:sqlite:sqlite:3.7.6
-
cpe:2.3:a:sqlite:sqlite:3.7.6.1
-
cpe:2.3:a:sqlite:sqlite:3.7.6.2
-
cpe:2.3:a:sqlite:sqlite:3.7.6.3
-
cpe:2.3:a:sqlite:sqlite:3.7.7
-
cpe:2.3:a:sqlite:sqlite:3.7.7.1
-
cpe:2.3:a:sqlite:sqlite:3.7.8
-
cpe:2.3:a:sqlite:sqlite:3.7.9
-
cpe:2.3:a:sqlite:sqlite:3.8.0
-
cpe:2.3:a:sqlite:sqlite:3.8.0.1
-
cpe:2.3:a:sqlite:sqlite:3.8.0.2
-
cpe:2.3:a:sqlite:sqlite:3.8.1
-
cpe:2.3:a:sqlite:sqlite:3.8.10
-
cpe:2.3:a:sqlite:sqlite:3.8.10.1
-
cpe:2.3:a:sqlite:sqlite:3.8.10.2
-
cpe:2.3:a:sqlite:sqlite:3.8.11
-
cpe:2.3:a:sqlite:sqlite:3.8.11.1
-
cpe:2.3:a:sqlite:sqlite:3.8.2
-
cpe:2.3:a:sqlite:sqlite:3.8.3
-
cpe:2.3:a:sqlite:sqlite:3.8.3.1
-
cpe:2.3:a:sqlite:sqlite:3.8.4
-
cpe:2.3:a:sqlite:sqlite:3.8.4.1
-
cpe:2.3:a:sqlite:sqlite:3.8.4.2
-
cpe:2.3:a:sqlite:sqlite:3.8.4.3
-
cpe:2.3:a:sqlite:sqlite:3.8.5
-
cpe:2.3:a:sqlite:sqlite:3.8.6
-
cpe:2.3:a:sqlite:sqlite:3.8.6.1
-
cpe:2.3:a:sqlite:sqlite:3.8.7
-
cpe:2.3:a:sqlite:sqlite:3.8.7.1
-
cpe:2.3:a:sqlite:sqlite:3.8.7.2
-
cpe:2.3:a:sqlite:sqlite:3.8.7.3
-
cpe:2.3:a:sqlite:sqlite:3.8.7.4
-
cpe:2.3:a:sqlite:sqlite:3.8.8
-
cpe:2.3:a:sqlite:sqlite:3.8.8.1
-
cpe:2.3:a:sqlite:sqlite:3.8.8.2
-
cpe:2.3:a:sqlite:sqlite:3.8.8.3
-
cpe:2.3:a:sqlite:sqlite:3.8.9
-
cpe:2.3:a:sqlite:sqlite:3.9.0
-
cpe:2.3:a:sqlite:sqlite:3.9.1
-
cpe:2.3:a:sqlite:sqlite:3.9.2
-
cpe:2.3:a:sqlite:sqlite:3.9.3
-
cpe:2.3:o:canonical:ubuntu_linux:14.04
-
cpe:2.3:o:canonical:ubuntu_linux:16.04
-
cpe:2.3:o:canonical:ubuntu_linux:18.04
-
cpe:2.3:o:canonical:ubuntu_linux:18.10
-
cpe:2.3:o:canonical:ubuntu_linux:19.04
-
cpe:2.3:o:fedoraproject:fedora:29
-
cpe:2.3:o:fedoraproject:fedora:30
-
cpe:2.3:o:opensuse:leap:42.3