CVE-2019-16168
moderate-risk
Published 2019-09-09
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."
Do I need to act?
0.84% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 6.5/10
Medium
NETWORK / LOW complexity
Affected Products (20)
Nessus Agent
Communications Design Studio
Communications Design Studio
Communications Design Studio
References (34)
Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10365
Third Party Advisory
https://security.gentoo.org/glsa/202003-16
Third Party Advisory
https://security.netapp.com/advisory/ntap-20190926-0003/
Third Party Advisory
https://security.netapp.com/advisory/ntap-20200122-0003/
Third Party Advisory
https://usn.ubuntu.com/4205-1/
Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2020.html
Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2020.html
Third Party Advisory
https://www.tenable.com/security/tns-2021-08
Third Party Advisory
https://www.tenable.com/security/tns-2021-11
Third Party Advisory
https://www.tenable.com/security/tns-2021-14
and 14 more references
49 / 100
moderate-risk
Severity
24/34 · High
Exploitability
3/34 · Minimal
Exposure
22/34 · High