CVE-2019-19880

exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
Affected Products (NVD)
VendorProductVersion
sqlitesqlite
3.30.1
netappcloud_backup
-
debiandebian_linux
9.0
debiandebian_linux
10.0
susepackage_hub
-
redhatenterprise_linux_desktop
6.0
redhatenterprise_linux_server
6.0
redhatenterprise_linux_workstation
6.0
opensusebackports_sle
15.0:sp1
opensuseleap
15.1
oraclemysql_workbench
𝑥
≤ 8.0.19
siemenssinec_infrastructure_network_services
𝑥
< 1.0.1.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
chromium
bookworm
128.0.6613.84-1~deb12u1
fixed
bookworm (security)
130.0.6723.91-1~deb12u1
fixed
bullseye
120.0.6099.224-1~deb11u1
fixed
bullseye (security)
120.0.6099.224-1~deb11u1
fixed
buster
not-affected
jessie
not-affected
sid
130.0.6723.91-2
fixed
stretch
not-affected
trixie
129.0.6668.89-1
fixed
sqlite3
bookworm
3.40.1-2
fixed
bullseye
3.34.1-3
fixed
bullseye (security)
3.34.1-3+deb11u1
fixed
buster
not-affected
jessie
not-affected
sid
3.46.1-1
fixed
stretch
not-affected
trixie
3.46.1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
sqlite3
bionic
not-affected
disco
ignored
eoan
Fixed 3.29.0-2ubuntu0.2
released
trusty
not-affected
xenial
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libsqlite3-0
suse enterprise desktop 15 SP2
3.36.0-3.12.1
fixed
suse enterprise desktop 15 SP3
3.36.0-3.12.1
fixed
suse enterprise desktop 15 SP4
3.36.0-3.12.1
fixed
suse enterprise desktop 15 SP5
3.36.0-3.12.1
fixed
suse enterprise desktop 15 SP6
3.36.0-3.12.1
fixed
suse enterprise desktop 15 SP7
3.36.0-3.12.1
fixed
suse enterprise sap 12 SP3
3.36.0-9.18.1
fixed
suse enterprise sap 12 SP4
3.36.0-9.18.1
fixed
suse enterprise sap 15
3.36.0-3.12.1
fixed
suse enterprise sap 15 SP1
3.36.0-3.12.1
fixed
suse enterprise sap 15 SP2
3.36.0-3.12.1
fixed
suse enterprise sap 15 SP3
3.36.0-3.12.1
fixed
suse enterprise sap 15 SP4
3.36.0-3.12.1
fixed
suse enterprise sap 15 SP5
3.36.0-3.12.1
fixed
suse enterprise sap 15 SP6
3.36.0-3.12.1
fixed
suse enterprise sap 15 SP7
3.36.0-3.12.1
fixed
suse enterprise server 12 SP2
3.36.0-9.18.1
fixed
suse enterprise server 12 SP3
3.36.0-9.18.1
fixed
suse enterprise server 12 SP4
3.36.0-9.18.1
fixed
suse enterprise server 12 SP5
3.36.0-9.18.1
fixed
suse enterprise server 15
3.36.0-3.12.1
fixed
suse enterprise server 15 SP1
3.36.0-3.12.1
fixed
suse enterprise server 15 SP2
3.36.0-3.12.1
fixed
suse enterprise server 15 SP3
3.36.0-3.12.1
fixed
suse enterprise server 15 SP4
3.36.0-3.12.1
fixed
suse enterprise server 15 SP5
3.36.0-3.12.1
fixed
suse enterprise server 15 SP6
3.36.0-3.12.1
fixed
suse enterprise server 15 SP7
3.36.0-3.12.1
fixed
libsqlite3-0-32bit
suse enterprise desktop 15 SP2
3.36.0-3.12.1
fixed
suse enterprise desktop 15 SP3
3.36.0-3.12.1
fixed
suse enterprise desktop 15 SP4
3.36.0-3.12.1
fixed
suse enterprise desktop 15 SP5
3.36.0-3.12.1
fixed
suse enterprise desktop 15 SP6
3.36.0-3.12.1
fixed
suse enterprise desktop 15 SP7
3.36.0-3.12.1
fixed
suse enterprise sap 12 SP3
3.36.0-9.18.1
fixed
suse enterprise sap 12 SP4
3.36.0-9.18.1
fixed
suse enterprise sap 15
3.36.0-3.12.1
fixed
suse enterprise sap 15 SP1
3.36.0-3.12.1
fixed
suse enterprise sap 15 SP2
3.36.0-3.12.1
fixed
suse enterprise sap 15 SP3
3.36.0-3.12.1
fixed
suse enterprise sap 15 SP4
3.36.0-3.12.1
fixed
suse enterprise sap 15 SP5
3.36.0-3.12.1
fixed
suse enterprise sap 15 SP6
3.36.0-3.12.1
fixed
suse enterprise sap 15 SP7
3.36.0-3.12.1
fixed
suse enterprise server 12 SP2
3.36.0-9.18.1
fixed
suse enterprise server 12 SP3
3.36.0-9.18.1
fixed
suse enterprise server 12 SP4
3.36.0-9.18.1
fixed
suse enterprise server 12 SP5
3.36.0-9.18.1
fixed
suse enterprise server 15
3.36.0-3.12.1
fixed
suse enterprise server 15 SP1
3.36.0-3.12.1
fixed
suse enterprise server 15 SP2
3.36.0-3.12.1
fixed
suse enterprise server 15 SP3
3.36.0-3.12.1
fixed
suse enterprise server 15 SP4
3.36.0-3.12.1
fixed
suse enterprise server 15 SP5
3.36.0-3.12.1
fixed
suse enterprise server 15 SP6
3.36.0-3.12.1
fixed
suse enterprise server 15 SP7
3.36.0-3.12.1
fixed
sqlite3
suse enterprise desktop 15 SP2
3.36.0-3.12.1
fixed
suse enterprise desktop 15 SP3
3.36.0-3.12.1
fixed
suse enterprise desktop 15 SP4
3.36.0-3.12.1
fixed
suse enterprise desktop 15 SP5
3.36.0-3.12.1
fixed
suse enterprise desktop 15 SP6
3.36.0-3.12.1
fixed
suse enterprise desktop 15 SP7
3.36.0-3.12.1
fixed
suse enterprise sap 12 SP3
3.36.0-9.18.1
fixed
suse enterprise sap 12 SP4
3.36.0-9.18.1
fixed
suse enterprise sap 15
3.36.0-3.12.1
fixed
suse enterprise sap 15 SP1
3.36.0-3.12.1
fixed
suse enterprise sap 15 SP2
3.36.0-3.12.1
fixed
suse enterprise sap 15 SP3
3.36.0-3.12.1
fixed
suse enterprise sap 15 SP4
3.36.0-3.12.1
fixed
suse enterprise sap 15 SP5
3.36.0-3.12.1
fixed
suse enterprise sap 15 SP6
3.36.0-3.12.1
fixed
suse enterprise sap 15 SP7
3.36.0-3.12.1
fixed
suse enterprise server 12 SP2
3.36.0-9.18.1
fixed
suse enterprise server 12 SP3
3.36.0-9.18.1
fixed
suse enterprise server 12 SP4
3.36.0-9.18.1
fixed
suse enterprise server 12 SP5
3.36.0-9.18.1
fixed
suse enterprise server 15
3.36.0-3.12.1
fixed
suse enterprise server 15 SP1
3.36.0-3.12.1
fixed
suse enterprise server 15 SP2
3.36.0-3.12.1
fixed
suse enterprise server 15 SP3
3.36.0-3.12.1
fixed
suse enterprise server 15 SP4
3.36.0-3.12.1
fixed
suse enterprise server 15 SP5
3.36.0-3.12.1
fixed
suse enterprise server 15 SP6
3.36.0-3.12.1
fixed
suse enterprise server 15 SP7
3.36.0-3.12.1
fixed
sqlite3-devel
suse enterprise desktop 15 SP2
3.36.0-3.12.1
fixed
suse enterprise desktop 15 SP3
3.36.0-3.12.1
fixed
suse enterprise desktop 15 SP4
3.36.0-3.12.1
fixed
suse enterprise desktop 15 SP5
3.36.0-3.12.1
fixed
suse enterprise desktop 15 SP6
3.36.0-3.12.1
fixed
suse enterprise desktop 15 SP7
3.36.0-3.12.1
fixed
suse enterprise sap 12 SP3
3.36.0-9.18.1
fixed
suse enterprise sap 12 SP4
3.36.0-9.18.1
fixed
suse enterprise sap 15
3.36.0-3.12.1
fixed
suse enterprise sap 15 SP1
3.36.0-3.12.1
fixed
suse enterprise sap 15 SP2
3.36.0-3.12.1
fixed
suse enterprise sap 15 SP3
3.36.0-3.12.1
fixed
suse enterprise sap 15 SP4
3.36.0-3.12.1
fixed
suse enterprise sap 15 SP5
3.36.0-3.12.1
fixed
suse enterprise sap 15 SP6
3.36.0-3.12.1
fixed
suse enterprise sap 15 SP7
3.36.0-3.12.1
fixed
suse enterprise server 12 SP2
3.36.0-9.18.1
fixed
suse enterprise server 12 SP3
3.36.0-9.18.1
fixed
suse enterprise server 12 SP4
3.36.0-9.18.1
fixed
suse enterprise server 12 SP5
3.36.0-9.18.1
fixed
suse enterprise server 15
3.36.0-3.12.1
fixed
suse enterprise server 15 SP1
3.36.0-3.12.1
fixed
suse enterprise server 15 SP2
3.36.0-3.12.1
fixed
suse enterprise server 15 SP3
3.36.0-3.12.1
fixed
suse enterprise server 15 SP4
3.36.0-3.12.1
fixed
suse enterprise server 15 SP5
3.36.0-3.12.1
fixed
suse enterprise server 15 SP6
3.36.0-3.12.1
fixed
suse enterprise server 15 SP7
3.36.0-3.12.1
fixed
sqlite3-tcl
suse enterprise desktop 15 SP5
3.39.3-150000.3.20.1
fixed
suse enterprise desktop 15 SP6
3.44.0-150000.3.23.1
fixed
suse enterprise desktop 15 SP7
3.44.0-150000.3.23.1
fixed
suse enterprise sap 15 SP5
3.39.3-150000.3.20.1
fixed
suse enterprise sap 15 SP6
3.44.0-150000.3.23.1
fixed
suse enterprise sap 15 SP7
3.44.0-150000.3.23.1
fixed
suse enterprise server 15 SP5
3.39.3-150000.3.20.1
fixed
suse enterprise server 15 SP6
3.44.0-150000.3.23.1
fixed
suse enterprise server 15 SP7
3.44.0-150000.3.23.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
chromium-browser
RHEL 6
0:80.0.3987.87-1.el6_10
fixed
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html
https://access.redhat.com/errata/RHSA-2020:0514
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54
https://security.netapp.com/advisory/ntap-20200114-0001/
https://usn.ubuntu.com/4298-1/
https://www.debian.org/security/2020/dsa-4638
https://www.oracle.com/security-alerts/cpuapr2020.html
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html
https://access.redhat.com/errata/RHSA-2020:0514
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54
https://security.netapp.com/advisory/ntap-20200114-0001/
https://usn.ubuntu.com/4298-1/
https://www.debian.org/security/2020/dsa-4638
https://www.oracle.com/security-alerts/cpuapr2020.html