CVE-2019-19646

pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
VendorProductVersion
sqlitesqlite
𝑥
≤ 3.30.1
siemenssinec_infrastructure_network_services
𝑥
< 1.0.1.1
tenabletenable.sc
𝑥
< 5.19.0
oraclemysql_workbench
𝑥
≤ 8.0.19
netappcloud_backup
-
netappontap_select_deploy_administration_utility
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
sqlite3
bullseye
3.34.1-3
fixed
bullseye (security)
3.34.1-3+deb11u1
fixed
bookworm
3.40.1-2
fixed
sid
3.46.1-1
fixed
trixie
3.46.1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
sqlite
eoan
not-affected
disco
not-affected
bionic
not-affected
xenial
not-affected
trusty
not-affected
sqlite3
eoan
not-affected
disco
ignored
bionic
not-affected
xenial
not-affected
trusty
not-affected
Common Weakness Enumeration
References
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://github.com/sqlite/sqlite/commit/926f796e8feec15f3836aa0a060ed906f8ae04d3
https://github.com/sqlite/sqlite/commit/ebd70eedd5d6e6a890a670b5ee874a5eae86b4dd
https://security.netapp.com/advisory/ntap-20191223-0001/
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.sqlite.org/
https://www.tenable.com/security/tns-2021-14
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://github.com/sqlite/sqlite/commit/926f796e8feec15f3836aa0a060ed906f8ae04d3
https://github.com/sqlite/sqlite/commit/ebd70eedd5d6e6a890a670b5ee874a5eae86b4dd
https://security.netapp.com/advisory/ntap-20191223-0001/
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.sqlite.org/
https://www.tenable.com/security/tns-2021-14