CVE-2019-19880

exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.

Link	Resource
https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54	Patch Third Party Advisory
https://security.netapp.com/advisory/ntap-20200114-0001/	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html	Mailing List Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0514	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html	Mailing List Third Party Advisory
https://www.debian.org/security/2020/dsa-4638	Third Party Advisory
https://usn.ubuntu.com/4298-1/	Broken Link
https://www.oracle.com/security-alerts/cpuapr2020.html	Patch Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf	Patch Third Party Advisory

Configuration 1

cpe:2.3:a:sqlite:sqlite:3.30.1:*:*:*:*:*:*:* cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:* cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*

---

Published : 2019-12-18 06:15

Updated : 2022-04-15 04:16

---

NVD link : CVE-2019-19880

Mitre link : CVE-2019-19880

Package Hub

Suse

CWE-476