Vulnerabilities > CVE-2019-19926 - NULL Pointer Dereference vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 | |
Application | 2 | |
Application | Oracle
| 15 |
Application | 1 | |
Application | 1 | |
Application | 1 | |
OS | 2 | |
OS | 3 | |
OS | 1 | |
OS | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2020-2_0-0204_SQLITE.NASL description An update of the sqlite package has been released. last seen 2020-03-17 modified 2020-02-06 plugin id 133500 published 2020-02-06 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133500 title Photon OS 2.0: Sqlite PHSA-2020-2.0-0204 NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4638.NASL description Several vulnerabilities have been discovered in the chromium web browser. - CVE-2019-19880 Richard Lorenz discovered an issue in the sqlite library. - CVE-2019-19923 Richard Lorenz discovered an out-of-bounds read issue in the sqlite library. - CVE-2019-19925 Richard Lorenz discovered an issue in the sqlite library. - CVE-2019-19926 Richard Lorenz discovered an implementation error in the sqlite library. - CVE-2020-6381 UK last seen 2020-03-17 modified 2020-03-12 plugin id 134433 published 2020-03-12 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134433 title Debian DSA-4638-1 : chromium - security update NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2020-3_0-0055_SQLITE.NASL description An update of the sqlite package has been released. last seen 2020-03-17 modified 2020-02-06 plugin id 133506 published 2020-02-06 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133506 title Photon OS 3.0: Sqlite PHSA-2020-3.0-0055 NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1132.NASL description According to the versions of the sqlite packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).(CVE-2019-19923) - multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.(CVE-2019-19926) - selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.(CVE-2019-20218) - SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.(CVE-2019-19924) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2020-02-24 plugin id 133933 published 2020-02-24 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133933 title EulerOS 2.0 SP5 : sqlite (EulerOS-SA-2020-1132) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4298-1.NASL description It was discovered that SQLite incorrectly handled certain shadow tables. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-13734, CVE-2019-13750, CVE-2019-13753) It was discovered that SQLite incorrectly handled certain corrupt records. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-13751) It was discovered that SQLite incorrectly handled certain queries. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.10. (CVE-2019-19880) It was discovered that SQLite incorrectly handled certain queries. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-19923) It was discovered that SQLite incorrectly handled parser tree rewriting. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.10. (CVE-2019-19924) It was discovered that SQLite incorrectly handled certain ZIP archives. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-19925, CVE-2019-19959) It was discovered that SQLite incorrectly handled errors during parsing. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-19926) It was discovered that SQLite incorrectly handled parsing errors. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-20218) It was discovered that SQLite incorrectly handled generated column optimizations. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2020-9327). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-18 modified 2020-03-11 plugin id 134402 published 2020-03-11 reporter Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134402 title Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : sqlite3 vulnerabilities (USN-4298-1) NASL family Windows NASL id GOOGLE_CHROME_80_0_3987_87.NASL description The version of Google Chrome installed on the remote Windows host is prior to 80.0.3987.87. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_02_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-04-30 modified 2020-02-04 plugin id 133465 published 2020-02-04 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133465 title Google Chrome < 80.0.3987.87 Multiple Vulnerabilities NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1180.NASL description According to the versions of the sqlite packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.(CVE-2019-19926) - flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).(CVE-2019-19923) - SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.(CVE-2019-19924) - zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.(CVE-2019-19925) - In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.(CVE-2019-9936) - In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.(CVE-2019-9937) - selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.(CVE-2019-20218) - ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded last seen 2020-05-03 modified 2020-02-25 plugin id 134014 published 2020-02-25 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134014 title EulerOS 2.0 SP8 : sqlite (EulerOS-SA-2020-1180) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1364.NASL description According to the versions of the sqlite packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.(CVE-2019-9937) - In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.(CVE-2019-9936) - zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.(CVE-2019-19925) - SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.(CVE-2019-19924) - flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).(CVE-2019-19923) - multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.(CVE-2019-19926) - selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.(CVE-2019-20218) - ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded last seen 2020-04-07 modified 2020-04-02 plugin id 135151 published 2020-04-02 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135151 title EulerOS Virtualization for ARM 64 3.0.6.0 : sqlite (EulerOS-SA-2020-1364) NASL family MacOS X Local Security Checks NASL id MACOSX_GOOGLE_CHROME_80_0_3987_87.NASL description The version of Google Chrome installed on the remote macOS host is prior to 80.0.3987.87. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_02_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-04-30 modified 2020-02-04 plugin id 133464 published 2020-02-04 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133464 title Google Chrome < 80.0.3987.87 Multiple Vulnerabilities NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1562.NASL description According to the versions of the sqlite package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.(CVE-2019-19924) - SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.(CVE-2019-19923) - multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.(CVE-2019-19926) - The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.(CVE-2019-20218) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2020-05-01 plugin id 136265 published 2020-05-01 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136265 title EulerOS Virtualization for ARM 64 3.0.2.0 : sqlite (EulerOS-SA-2020-1562) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2020-1_0-0270_SQLITE.NASL description An update of the sqlite package has been released. last seen 2020-03-17 modified 2020-02-06 plugin id 133503 published 2020-02-06 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133503 title Photon OS 1.0: Sqlite PHSA-2020-1.0-0270 NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-0514.NASL description An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Chromium is an open source web browser, powered by WebKit (Blink). This update upgrades Chromium to version 80.0.3987.87. Security Fix(es) : * chromium-browser: Integer overflow in JavaScript (CVE-2020-6381) * chromium-browser: Type Confusion in JavaScript (CVE-2020-6382) * chromium-browser: Insufficient policy enforcement in storage (CVE-2020-6385) * chromium-browser: Out of bounds write in WebRTC (CVE-2020-6387) * chromium-browser: Out of bounds memory access in WebAudio (CVE-2020-6388) * chromium-browser: Out of bounds write in WebRTC (CVE-2020-6389) * chromium-browser: Out of bounds memory access in streams (CVE-2020-6390) * libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure (CVE-2019-18197) * sqlite: invalid pointer dereference in exprListAppendList in window.c (CVE-2019-19880) * sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference (CVE-2019-19923) * sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive (CVE-2019-19925) * sqlite: error mishandling because of incomplete fix of CVE-2019-19880 (CVE-2019-19926) * chromium-browser: Insufficient validation of untrusted input in Blink (CVE-2020-6391) * chromium-browser: Insufficient policy enforcement in extensions (CVE-2020-6392) * chromium-browser: Insufficient policy enforcement in Blink (CVE-2020-6393) * chromium-browser: Insufficient policy enforcement in Blink (CVE-2020-6394) * chromium-browser: Out of bounds read in JavaScript (CVE-2020-6395) * chromium-browser: Inappropriate implementation in Skia (CVE-2020-6396) * chromium-browser: Incorrect security UI in sharing (CVE-2020-6397) * chromium-browser: Uninitialized use in PDFium (CVE-2020-6398) * chromium-browser: Insufficient policy enforcement in AppCache (CVE-2020-6399) * chromium-browser: Inappropriate implementation in CORS (CVE-2020-6400) * chromium-browser: Insufficient validation of untrusted input in Omnibox (CVE-2020-6401) * chromium-browser: Insufficient policy enforcement in downloads (CVE-2020-6402) * chromium-browser: Incorrect security UI in Omnibox (CVE-2020-6403) * chromium-browser: Inappropriate implementation in Blink (CVE-2020-6404) * sqlite: Out-of-bounds read in SELECT with ON/USING clause (CVE-2020-6405) * chromium-browser: Use after free in audio (CVE-2020-6406) * chromium-browser: Insufficient policy enforcement in CORS (CVE-2020-6408) * chromium-browser: Inappropriate implementation in Omnibox (CVE-2020-6409) * chromium-browser: Insufficient policy enforcement in navigation (CVE-2020-6410) * chromium-browser: Insufficient validation of untrusted input in Omnibox (CVE-2020-6411) * chromium-browser: Insufficient validation of untrusted input in Omnibox (CVE-2020-6412) * chromium-browser: Inappropriate implementation in Blink (CVE-2020-6413) * chromium-browser: Insufficient policy enforcement in Safe Browsing (CVE-2020-6414) * chromium-browser: Inappropriate implementation in JavaScript (CVE-2020-6415) * chromium-browser: Insufficient data validation in streams (CVE-2020-6416) * chromium-browser: Inappropriate implementation in installer (CVE-2020-6417) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-02 modified 2020-02-18 plugin id 133749 published 2020-02-18 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133749 title RHEL 6 : chromium-browser (RHSA-2020:0514) NASL family SuSE Local Security Checks NASL id OPENSUSE-2020-189.NASL description This update for chromium fixes the following issues : Chromium was updated to version 80.0.3987.87 (boo#1162833). Security issues fixed : - CVE-2020-6381: Integer overflow in JavaScript (boo#1162833). - CVE-2020-6382: Type Confusion in JavaScript (boo#1162833). - CVE-2019-18197: Multiple vulnerabilities in XML (boo#1162833). - CVE-2019-19926: Inappropriate implementation in SQLite (boo#1162833). - CVE-2020-6385: Insufficient policy enforcement in storage (boo#1162833). - CVE-2019-19880, CVE-2019-19925: Multiple vulnerabilities in SQLite (boo#1162833). - CVE-2020-6387: Out of bounds write in WebRTC (boo#1162833). - CVE-2020-6388: Out of bounds memory access in WebAudio (boo#1162833). - CVE-2020-6389: Out of bounds write in WebRTC (boo#1162833). - CVE-2020-6390: Out of bounds memory access in streams (boo#1162833). - CVE-2020-6391: Insufficient validation of untrusted input in Blink (boo#1162833). - CVE-2020-6392: Insufficient policy enforcement in extensions (boo#1162833). - CVE-2020-6393: Insufficient policy enforcement in Blink (boo#1162833). - CVE-2020-6394: Insufficient policy enforcement in Blink (boo#1162833). - CVE-2020-6395: Out of bounds read in JavaScript (boo#1162833). - CVE-2020-6396: Inappropriate implementation in Skia (boo#1162833). - CVE-2020-6397: Incorrect security UI in sharing (boo#1162833). - CVE-2020-6398: Uninitialized use in PDFium (boo#1162833). - CVE-2020-6399: Insufficient policy enforcement in AppCache (boo#1162833). - CVE-2020-6400: Inappropriate implementation in CORS (boo#1162833). - CVE-2020-6401: Insufficient validation of untrusted input in Omnibox (boo#1162833). - CVE-2020-6402: Insufficient policy enforcement in downloads (boo#1162833). - CVE-2020-6403: Incorrect security UI in Omnibox (boo#1162833). - CVE-2020-6404: Inappropriate implementation in Blink (boo#1162833). - CVE-2020-6405: Out of bounds read in SQLite (boo#1162833). - CVE-2020-6406: Use after free in audio (boo#1162833). - CVE-2019-19923: Out of bounds memory access in SQLite (boo#1162833). - CVE-2020-6408: Insufficient policy enforcement in CORS (boo#1162833). - CVE-2020-6409: Inappropriate implementation in Omnibox (boo#1162833). - CVE-2020-6410: Insufficient policy enforcement in navigation (boo#1162833). - CVE-2020-6411: Insufficient validation of untrusted input in Omnibox (boo#1162833). - CVE-2020-6412: Insufficient validation of untrusted input in Omnibox (boo#1162833). - CVE-2020-6413: Inappropriate implementation in Blink (boo#1162833). - CVE-2020-6414: Insufficient policy enforcement in Safe Browsing (boo#1162833). - CVE-2020-6415: Inappropriate implementation in JavaScript (boo#1162833). - CVE-2020-6416: Insufficient data validation in streams (boo#1162833). - CVE-2020-6417: Inappropriate implementation in installer (boo#1162833). last seen 2020-05-31 modified 2020-02-10 plugin id 133593 published 2020-02-10 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133593 title openSUSE Security Update : chromium (openSUSE-2020-189)
Redhat
advisories |
| ||||
rpms |
|
References
- http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html
- https://access.redhat.com/errata/RHSA-2020:0514
- https://access.redhat.com/errata/RHSA-2020:0514
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
- https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089
- https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089
- https://security.netapp.com/advisory/ntap-20200114-0003/
- https://security.netapp.com/advisory/ntap-20200114-0003/
- https://usn.ubuntu.com/4298-1/
- https://usn.ubuntu.com/4298-1/
- https://usn.ubuntu.com/4298-2/
- https://usn.ubuntu.com/4298-2/
- https://www.debian.org/security/2020/dsa-4638
- https://www.debian.org/security/2020/dsa-4638
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpuapr2020.html