system/sqlite: multiple vulnerabilities
Bugzilla ID | 200 |
Alias(es) | CVE-2019-16168, CVE-2019-19242, CVE-2019-19244, CVE-2019-19317, CVE-2019-19603, CVE-2019-19645, CVE-2019-19646, CVE-2019-19880, CVE-2019-19923, CVE-2019-19924, CVE-2019-19925, CVE-2019-19926, CVE-2019-19959, CVE-2019-20218 |
Reporter | Max Rees (sroracle) |
Assignee | Max Rees (sroracle) |
Reported | 2019-09-12 16:04:40 -0500 |
Modified | 2020-03-29 02:25:56 -0500 |
Status | RESOLVED FIXED |
Version | 1.0-BETA3 |
Hardware | Adélie Linux / All |
Importance | --- / normal |
URL | https://nvd.nist.gov/vuln/detail/CVE-2019-16168 |
Description
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can
crash a browser or other application because of missing validation of
a sqlite_stat1 sz field, aka a "severe division by zero in the query
planner."