5.9

CVE-2019-19242

SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SqliteSqlite Version3.30.1
CanonicalUbuntu Linux Version12.04 SwEditionesm
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version19.04
CanonicalUbuntu Linux Version19.10
RedhatEnterprise Linux Version8.0
OracleMysql Workbench Version <= 8.0.19
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.54% 0.829
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://www.oracle.com/security-alerts/cpuapr2020.html
Patch
Third Party Advisory
https://usn.ubuntu.com/4205-1/
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
Patch
Third Party Advisory
https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c
Patch
Third Party Advisory