9.8

CVE-2019-8457

SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SqliteSqlite Version >= 3.6.0 <= 3.27.2
CanonicalUbuntu Linux Version14.04 SwEditionesm
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version18.10
CanonicalUbuntu Linux Version19.04
FedoraprojectFedora Version29
FedoraprojectFedora Version30
OpensuseLeap Version42.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 45.43% 0.986
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://www.oracle.com/security-alerts/cpujan2020.html
https://kc.mcafee.com/corporate/index?page=content&id=SB10365
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Patch
Third Party Advisory
https://usn.ubuntu.com/4019-1/
Third Party Advisory
https://usn.ubuntu.com/4019-2/
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00074.html
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPKYSWCOM3CL66RI76TYVIG6TJ263RXH/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SJPFGA45DI4F5MCF2OAACGH3HQOF4G3M/
https://security.netapp.com/advisory/ntap-20190606-0002/
Third Party Advisory
https://usn.ubuntu.com/4004-1/
Third Party Advisory
https://usn.ubuntu.com/4004-2/
Third Party Advisory
https://www.sqlite.org/releaselog/3_28_0.html
Vendor Advisory
Release Notes
https://www.sqlite.org/src/info/90acdbfce9c08858
Patch
Vendor Advisory