Vulnerabilities > CVE-2019-19242 - NULL Pointer Dereference vulnerability in multiple products

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

nessus

NVD

Published: 2019-11-27

Updated: 2022-04-19

Summary

SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.

Vulnerable Configurations

Part	Description	Count
Application	Sqlite Sqlite Sqlite 3.30.1	1
Application	Oracle Oracle Mysql Workbench - Oracle Mysql Workbench 5.2.47 Oracle Mysql Workbench 6.0.9 Oracle Mysql Workbench 6.1.7 Oracle Mysql Workbench 6.2.5 Oracle Mysql Workbench 6.3.8 Oracle Mysql Workbench 6.3.10 Oracle Mysql Workbench 8.0.12 Oracle Mysql Workbench 8.0.13 Oracle Mysql Workbench 8.0.14 Oracle Mysql Workbench 8.0.15 Oracle Mysql Workbench 8.0.16 Oracle Mysql Workbench 8.0.17 Oracle Mysql Workbench 8.0.18 Oracle Mysql Workbench 8.0.19	15
Application	Siemens Siemens Sinec Infrastructure Network Services *	1
OS	Canonical Canonical Ubuntu Linux 12.04 Canonical Ubuntu Linux 16.04 Canonical Ubuntu Linux 18.04 Canonical Ubuntu Linux 19.04 Canonical Ubuntu Linux 19.10	5
OS	Redhat Redhat Enterprise Linux 8.0	1

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

Nessus

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-4205-1.NASL
description	It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM. (CVE-2018-8740) It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-16168) It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to mishandles some expressions. This issue only affected Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-19242) It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-19244) It was discovered that SQLite incorrectly handled certain SQL commands. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 19.04. (CVE-2019-5018) It was discovered that SQLite incorrectly handled certain commands. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-5827). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	131561
published	2019-12-03
reporter	Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/131561
title	Ubuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : sqlite3 vulnerabilities (USN-4205-1)

References

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.