Vulnerabilities > CVE-2019-19959
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| OS | 3 |
Nessus
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-1810.NASL description The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1810 advisory. - sqlite: fts3: improve shadow table corruption detection (CVE-2019-13752) - sqlite: fts3: incorrectly removed corruption check (CVE-2019-13753) - sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference (CVE-2019-19923) - sqlite: incorrect sqlite3WindowRewrite() error handling leads to mishandling certain parser-tree rewriting (CVE-2019-19924) - sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive (CVE-2019-19925) - sqlite: mishandles certain uses of INSERT INTO in situations involving embedded last seen 2020-04-30 modified 2020-04-28 plugin id 136056 published 2020-04-28 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136056 title RHEL 8 : sqlite (RHSA-2020:1810) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:1810. The text # itself is copyright (C) Red Hat, Inc. # include('compat.inc'); if (description) { script_id(136056); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/29"); script_cve_id( "CVE-2019-8457", "CVE-2019-13752", "CVE-2019-13753", "CVE-2019-19923", "CVE-2019-19924", "CVE-2019-19925", "CVE-2019-19959" ); script_xref(name:"RHSA", value:"2020:1810"); script_name(english:"RHEL 8 : sqlite (RHSA-2020:1810)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute(attribute:"synopsis", value: "The remote Red Hat host is missing one or more security updates."); script_set_attribute(attribute:"description", value: "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1810 advisory. - sqlite: fts3: improve shadow table corruption detection (CVE-2019-13752) - sqlite: fts3: incorrectly removed corruption check (CVE-2019-13753) - sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference (CVE-2019-19923) - sqlite: incorrect sqlite3WindowRewrite() error handling leads to mishandling certain parser-tree rewriting (CVE-2019-19924) - sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive (CVE-2019-19925) - sqlite: mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames (CVE-2019-19959) - sqlite: heap out-of-bound read in function rtreenode() (CVE-2019-8457) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/476.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/391.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/20.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/626.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/125.html"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:1810"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-13752"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-13753"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-19923"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-19924"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-19925"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-19959"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-8457"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1716881"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1781999"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1782000"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1788842"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1788846"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1788866"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1789595"); script_set_attribute(attribute:"solution", value: "Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-8457"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_cwe_id(20, 125, 391, 476, 626); script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/30"); script_set_attribute(attribute:"patch_publication_date", value:"2020/04/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/28"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:enterprise_linux:8"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:enterprise_linux:8::appstream"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8::baseos"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:lemon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sqlite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sqlite-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sqlite-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sqlite-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sqlite-libs"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Red Hat Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include('audit.inc'); include('global_settings.inc'); include('misc_func.inc'); include('rpm.inc'); if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item('Host/RedHat/release'); if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat'); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat'); os_ver = os_ver[1]; if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver); if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item('Host/cpu'); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu); pkgs = [ {'reference':'lemon-3.26.0-6.el8', 'cpu':'aarch64', 'release':'8'}, {'reference':'lemon-3.26.0-6.el8', 'cpu':'s390x', 'release':'8'}, {'reference':'lemon-3.26.0-6.el8', 'cpu':'x86_64', 'release':'8'}, {'reference':'sqlite-3.26.0-6.el8', 'cpu':'aarch64', 'release':'8'}, {'reference':'sqlite-3.26.0-6.el8', 'cpu':'i686', 'release':'8'}, {'reference':'sqlite-3.26.0-6.el8', 'cpu':'s390x', 'release':'8'}, {'reference':'sqlite-3.26.0-6.el8', 'cpu':'x86_64', 'release':'8'}, {'reference':'sqlite-debugsource-3.26.0-6.el8', 'cpu':'aarch64', 'release':'8'}, {'reference':'sqlite-debugsource-3.26.0-6.el8', 'cpu':'i686', 'release':'8'}, {'reference':'sqlite-debugsource-3.26.0-6.el8', 'cpu':'s390x', 'release':'8'}, {'reference':'sqlite-debugsource-3.26.0-6.el8', 'cpu':'x86_64', 'release':'8'}, {'reference':'sqlite-devel-3.26.0-6.el8', 'cpu':'aarch64', 'release':'8'}, {'reference':'sqlite-devel-3.26.0-6.el8', 'cpu':'i686', 'release':'8'}, {'reference':'sqlite-devel-3.26.0-6.el8', 'cpu':'s390x', 'release':'8'}, {'reference':'sqlite-devel-3.26.0-6.el8', 'cpu':'x86_64', 'release':'8'}, {'reference':'sqlite-doc-3.26.0-6.el8', 'release':'8'}, {'reference':'sqlite-libs-3.26.0-6.el8', 'cpu':'aarch64', 'release':'8'}, {'reference':'sqlite-libs-3.26.0-6.el8', 'cpu':'i686', 'release':'8'}, {'reference':'sqlite-libs-3.26.0-6.el8', 'cpu':'s390x', 'release':'8'}, {'reference':'sqlite-libs-3.26.0-6.el8', 'cpu':'x86_64', 'release':'8'} ]; flag = 0; foreach package_array ( pkgs ) { reference = NULL; release = NULL; sp = NULL; cpu = NULL; el_string = NULL; rpm_spec_vers_cmp = NULL; epoch = NULL; if (!empty_or_null(package_array['reference'])) reference = package_array['reference']; if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release']; if (!empty_or_null(package_array['sp'])) sp = package_array['sp']; if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu']; if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string']; if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp']; if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch']; if (reference && release) { if (rpm_spec_vers_cmp) { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:TRUE)) flag++; } else { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch)) flag++; } } } if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'lemon / sqlite / sqlite-debugsource / etc'); }NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2020-2_0-0204_SQLITE.NASL description An update of the sqlite package has been released. last seen 2020-03-17 modified 2020-02-06 plugin id 133500 published 2020-02-06 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133500 title Photon OS 2.0: Sqlite PHSA-2020-2.0-0204 NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2020-3_0-0055_SQLITE.NASL description An update of the sqlite package has been released. last seen 2020-03-17 modified 2020-02-06 plugin id 133506 published 2020-02-06 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133506 title Photon OS 3.0: Sqlite PHSA-2020-3.0-0055 NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4298-1.NASL description It was discovered that SQLite incorrectly handled certain shadow tables. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-13734, CVE-2019-13750, CVE-2019-13753) It was discovered that SQLite incorrectly handled certain corrupt records. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-13751) It was discovered that SQLite incorrectly handled certain queries. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.10. (CVE-2019-19880) It was discovered that SQLite incorrectly handled certain queries. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-19923) It was discovered that SQLite incorrectly handled parser tree rewriting. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.10. (CVE-2019-19924) It was discovered that SQLite incorrectly handled certain ZIP archives. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-19925, CVE-2019-19959) It was discovered that SQLite incorrectly handled errors during parsing. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-19926) It was discovered that SQLite incorrectly handled parsing errors. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-20218) It was discovered that SQLite incorrectly handled generated column optimizations. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2020-9327). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-18 modified 2020-03-11 plugin id 134402 published 2020-03-11 reporter Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134402 title Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : sqlite3 vulnerabilities (USN-4298-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1180.NASL description According to the versions of the sqlite packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.(CVE-2019-19926) - flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).(CVE-2019-19923) - SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.(CVE-2019-19924) - zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.(CVE-2019-19925) - In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.(CVE-2019-9936) - In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.(CVE-2019-9937) - selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.(CVE-2019-20218) - ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded last seen 2020-05-03 modified 2020-02-25 plugin id 134014 published 2020-02-25 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134014 title EulerOS 2.0 SP8 : sqlite (EulerOS-SA-2020-1180) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1364.NASL description According to the versions of the sqlite packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.(CVE-2019-9937) - In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.(CVE-2019-9936) - zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.(CVE-2019-19925) - SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.(CVE-2019-19924) - flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).(CVE-2019-19923) - multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.(CVE-2019-19926) - selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.(CVE-2019-20218) - ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded last seen 2020-04-07 modified 2020-04-02 plugin id 135151 published 2020-04-02 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135151 title EulerOS Virtualization for ARM 64 3.0.6.0 : sqlite (EulerOS-SA-2020-1364) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2020-1_0-0270_SQLITE.NASL description An update of the sqlite package has been released. last seen 2020-03-17 modified 2020-02-06 plugin id 133503 published 2020-02-06 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133503 title Photon OS 1.0: Sqlite PHSA-2020-1.0-0270
Redhat
| rpms |
|
References
- https://github.com/sqlite/sqlite/commit/1e490c4ca6b43a9cf8637d695907888349f69bec
- https://github.com/sqlite/sqlite/commit/d8f2d46cbc9925e034a68aaaf60aad788d9373c1
- https://security.netapp.com/advisory/ntap-20200204-0001/
- https://usn.ubuntu.com/4298-1/
- https://www.oracle.com/security-alerts/cpuapr2020.html