Vulnerabilities > CVE-2019-19926 - NULL Pointer Dereference vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH

Summary

multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2020-2_0-0204_SQLITE.NASL
    descriptionAn update of the sqlite package has been released.
    last seen2020-03-17
    modified2020-02-06
    plugin id133500
    published2020-02-06
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133500
    titlePhoton OS 2.0: Sqlite PHSA-2020-2.0-0204
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4638.NASL
    descriptionSeveral vulnerabilities have been discovered in the chromium web browser. - CVE-2019-19880 Richard Lorenz discovered an issue in the sqlite library. - CVE-2019-19923 Richard Lorenz discovered an out-of-bounds read issue in the sqlite library. - CVE-2019-19925 Richard Lorenz discovered an issue in the sqlite library. - CVE-2019-19926 Richard Lorenz discovered an implementation error in the sqlite library. - CVE-2020-6381 UK
    last seen2020-03-17
    modified2020-03-12
    plugin id134433
    published2020-03-12
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134433
    titleDebian DSA-4638-1 : chromium - security update
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2020-3_0-0055_SQLITE.NASL
    descriptionAn update of the sqlite package has been released.
    last seen2020-03-17
    modified2020-02-06
    plugin id133506
    published2020-02-06
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133506
    titlePhoton OS 3.0: Sqlite PHSA-2020-3.0-0055
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1132.NASL
    descriptionAccording to the versions of the sqlite packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).(CVE-2019-19923) - multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.(CVE-2019-19926) - selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.(CVE-2019-20218) - SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.(CVE-2019-19924) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2020-02-24
    plugin id133933
    published2020-02-24
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133933
    titleEulerOS 2.0 SP5 : sqlite (EulerOS-SA-2020-1132)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4298-1.NASL
    descriptionIt was discovered that SQLite incorrectly handled certain shadow tables. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-13734, CVE-2019-13750, CVE-2019-13753) It was discovered that SQLite incorrectly handled certain corrupt records. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-13751) It was discovered that SQLite incorrectly handled certain queries. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.10. (CVE-2019-19880) It was discovered that SQLite incorrectly handled certain queries. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-19923) It was discovered that SQLite incorrectly handled parser tree rewriting. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.10. (CVE-2019-19924) It was discovered that SQLite incorrectly handled certain ZIP archives. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-19925, CVE-2019-19959) It was discovered that SQLite incorrectly handled errors during parsing. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-19926) It was discovered that SQLite incorrectly handled parsing errors. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-20218) It was discovered that SQLite incorrectly handled generated column optimizations. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2020-9327). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2020-03-11
    plugin id134402
    published2020-03-11
    reporterUbuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134402
    titleUbuntu 16.04 LTS / 18.04 LTS / 19.10 : sqlite3 vulnerabilities (USN-4298-1)
  • NASL familyWindows
    NASL idGOOGLE_CHROME_80_0_3987_87.NASL
    descriptionThe version of Google Chrome installed on the remote Windows host is prior to 80.0.3987.87. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_02_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-30
    modified2020-02-04
    plugin id133465
    published2020-02-04
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133465
    titleGoogle Chrome < 80.0.3987.87 Multiple Vulnerabilities
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1180.NASL
    descriptionAccording to the versions of the sqlite packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.(CVE-2019-19926) - flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).(CVE-2019-19923) - SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.(CVE-2019-19924) - zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.(CVE-2019-19925) - In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.(CVE-2019-9936) - In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.(CVE-2019-9937) - selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.(CVE-2019-20218) - ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded
    last seen2020-05-03
    modified2020-02-25
    plugin id134014
    published2020-02-25
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134014
    titleEulerOS 2.0 SP8 : sqlite (EulerOS-SA-2020-1180)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1364.NASL
    descriptionAccording to the versions of the sqlite packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.(CVE-2019-9937) - In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.(CVE-2019-9936) - zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.(CVE-2019-19925) - SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.(CVE-2019-19924) - flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).(CVE-2019-19923) - multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.(CVE-2019-19926) - selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.(CVE-2019-20218) - ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded
    last seen2020-04-07
    modified2020-04-02
    plugin id135151
    published2020-04-02
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135151
    titleEulerOS Virtualization for ARM 64 3.0.6.0 : sqlite (EulerOS-SA-2020-1364)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_GOOGLE_CHROME_80_0_3987_87.NASL
    descriptionThe version of Google Chrome installed on the remote macOS host is prior to 80.0.3987.87. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_02_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-30
    modified2020-02-04
    plugin id133464
    published2020-02-04
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133464
    titleGoogle Chrome < 80.0.3987.87 Multiple Vulnerabilities
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1562.NASL
    descriptionAccording to the versions of the sqlite package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.(CVE-2019-19924) - SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.(CVE-2019-19923) - multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.(CVE-2019-19926) - The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.(CVE-2019-20218) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2020-05-01
    plugin id136265
    published2020-05-01
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136265
    titleEulerOS Virtualization for ARM 64 3.0.2.0 : sqlite (EulerOS-SA-2020-1562)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2020-1_0-0270_SQLITE.NASL
    descriptionAn update of the sqlite package has been released.
    last seen2020-03-17
    modified2020-02-06
    plugin id133503
    published2020-02-06
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133503
    titlePhoton OS 1.0: Sqlite PHSA-2020-1.0-0270
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0514.NASL
    descriptionAn update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Chromium is an open source web browser, powered by WebKit (Blink). This update upgrades Chromium to version 80.0.3987.87. Security Fix(es) : * chromium-browser: Integer overflow in JavaScript (CVE-2020-6381) * chromium-browser: Type Confusion in JavaScript (CVE-2020-6382) * chromium-browser: Insufficient policy enforcement in storage (CVE-2020-6385) * chromium-browser: Out of bounds write in WebRTC (CVE-2020-6387) * chromium-browser: Out of bounds memory access in WebAudio (CVE-2020-6388) * chromium-browser: Out of bounds write in WebRTC (CVE-2020-6389) * chromium-browser: Out of bounds memory access in streams (CVE-2020-6390) * libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure (CVE-2019-18197) * sqlite: invalid pointer dereference in exprListAppendList in window.c (CVE-2019-19880) * sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference (CVE-2019-19923) * sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive (CVE-2019-19925) * sqlite: error mishandling because of incomplete fix of CVE-2019-19880 (CVE-2019-19926) * chromium-browser: Insufficient validation of untrusted input in Blink (CVE-2020-6391) * chromium-browser: Insufficient policy enforcement in extensions (CVE-2020-6392) * chromium-browser: Insufficient policy enforcement in Blink (CVE-2020-6393) * chromium-browser: Insufficient policy enforcement in Blink (CVE-2020-6394) * chromium-browser: Out of bounds read in JavaScript (CVE-2020-6395) * chromium-browser: Inappropriate implementation in Skia (CVE-2020-6396) * chromium-browser: Incorrect security UI in sharing (CVE-2020-6397) * chromium-browser: Uninitialized use in PDFium (CVE-2020-6398) * chromium-browser: Insufficient policy enforcement in AppCache (CVE-2020-6399) * chromium-browser: Inappropriate implementation in CORS (CVE-2020-6400) * chromium-browser: Insufficient validation of untrusted input in Omnibox (CVE-2020-6401) * chromium-browser: Insufficient policy enforcement in downloads (CVE-2020-6402) * chromium-browser: Incorrect security UI in Omnibox (CVE-2020-6403) * chromium-browser: Inappropriate implementation in Blink (CVE-2020-6404) * sqlite: Out-of-bounds read in SELECT with ON/USING clause (CVE-2020-6405) * chromium-browser: Use after free in audio (CVE-2020-6406) * chromium-browser: Insufficient policy enforcement in CORS (CVE-2020-6408) * chromium-browser: Inappropriate implementation in Omnibox (CVE-2020-6409) * chromium-browser: Insufficient policy enforcement in navigation (CVE-2020-6410) * chromium-browser: Insufficient validation of untrusted input in Omnibox (CVE-2020-6411) * chromium-browser: Insufficient validation of untrusted input in Omnibox (CVE-2020-6412) * chromium-browser: Inappropriate implementation in Blink (CVE-2020-6413) * chromium-browser: Insufficient policy enforcement in Safe Browsing (CVE-2020-6414) * chromium-browser: Inappropriate implementation in JavaScript (CVE-2020-6415) * chromium-browser: Insufficient data validation in streams (CVE-2020-6416) * chromium-browser: Inappropriate implementation in installer (CVE-2020-6417) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-02
    modified2020-02-18
    plugin id133749
    published2020-02-18
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133749
    titleRHEL 6 : chromium-browser (RHSA-2020:0514)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2020-189.NASL
    descriptionThis update for chromium fixes the following issues : Chromium was updated to version 80.0.3987.87 (boo#1162833). Security issues fixed : - CVE-2020-6381: Integer overflow in JavaScript (boo#1162833). - CVE-2020-6382: Type Confusion in JavaScript (boo#1162833). - CVE-2019-18197: Multiple vulnerabilities in XML (boo#1162833). - CVE-2019-19926: Inappropriate implementation in SQLite (boo#1162833). - CVE-2020-6385: Insufficient policy enforcement in storage (boo#1162833). - CVE-2019-19880, CVE-2019-19925: Multiple vulnerabilities in SQLite (boo#1162833). - CVE-2020-6387: Out of bounds write in WebRTC (boo#1162833). - CVE-2020-6388: Out of bounds memory access in WebAudio (boo#1162833). - CVE-2020-6389: Out of bounds write in WebRTC (boo#1162833). - CVE-2020-6390: Out of bounds memory access in streams (boo#1162833). - CVE-2020-6391: Insufficient validation of untrusted input in Blink (boo#1162833). - CVE-2020-6392: Insufficient policy enforcement in extensions (boo#1162833). - CVE-2020-6393: Insufficient policy enforcement in Blink (boo#1162833). - CVE-2020-6394: Insufficient policy enforcement in Blink (boo#1162833). - CVE-2020-6395: Out of bounds read in JavaScript (boo#1162833). - CVE-2020-6396: Inappropriate implementation in Skia (boo#1162833). - CVE-2020-6397: Incorrect security UI in sharing (boo#1162833). - CVE-2020-6398: Uninitialized use in PDFium (boo#1162833). - CVE-2020-6399: Insufficient policy enforcement in AppCache (boo#1162833). - CVE-2020-6400: Inappropriate implementation in CORS (boo#1162833). - CVE-2020-6401: Insufficient validation of untrusted input in Omnibox (boo#1162833). - CVE-2020-6402: Insufficient policy enforcement in downloads (boo#1162833). - CVE-2020-6403: Incorrect security UI in Omnibox (boo#1162833). - CVE-2020-6404: Inappropriate implementation in Blink (boo#1162833). - CVE-2020-6405: Out of bounds read in SQLite (boo#1162833). - CVE-2020-6406: Use after free in audio (boo#1162833). - CVE-2019-19923: Out of bounds memory access in SQLite (boo#1162833). - CVE-2020-6408: Insufficient policy enforcement in CORS (boo#1162833). - CVE-2020-6409: Inappropriate implementation in Omnibox (boo#1162833). - CVE-2020-6410: Insufficient policy enforcement in navigation (boo#1162833). - CVE-2020-6411: Insufficient validation of untrusted input in Omnibox (boo#1162833). - CVE-2020-6412: Insufficient validation of untrusted input in Omnibox (boo#1162833). - CVE-2020-6413: Inappropriate implementation in Blink (boo#1162833). - CVE-2020-6414: Insufficient policy enforcement in Safe Browsing (boo#1162833). - CVE-2020-6415: Inappropriate implementation in JavaScript (boo#1162833). - CVE-2020-6416: Insufficient data validation in streams (boo#1162833). - CVE-2020-6417: Inappropriate implementation in installer (boo#1162833).
    last seen2020-05-31
    modified2020-02-10
    plugin id133593
    published2020-02-10
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133593
    titleopenSUSE Security Update : chromium (openSUSE-2020-189)

Redhat

advisories
rhsa
idRHSA-2020:0514
rpms
  • chromium-browser-0:80.0.3987.87-1.el6_10
  • chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10