CVE-2019-19317

moderate-risk

Published 2019-12-05

lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.

Do I need to act?

0.98% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Fix available

Upgrade to: 522ebfa7cee96fb325a22ea3a2464a63485886a8, 73bacb7f93eab9f4bd5a65cbc4ae242acf63c9e3

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (5)

Sqlite

Cloud Backup

Ontap Select Deploy Administration Utility

Mysql Workbench

Sinec Infrastructure Network Services

Affected Vendors

Oracle Siemens Netapp Sqlite

References (10)

Third Party Advisory https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

Patch https://github.com/sqlite/sqlite/commit/522ebfa7cee96fb325a22ea3a2464a63485886a8

Patch https://github.com/sqlite/sqlite/commit/73bacb7f93eab9f4bd5a65cbc4ae242acf63c9e3

Third Party Advisory https://security.netapp.com/advisory/ntap-20191223-0001/

Patch https://www.oracle.com/security-alerts/cpuapr2020.html

Third Party Advisory https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

Patch https://github.com/sqlite/sqlite/commit/522ebfa7cee96fb325a22ea3a2464a63485886a8

Patch https://github.com/sqlite/sqlite/commit/73bacb7f93eab9f4bd5a65cbc4ae242acf63c9e3

Third Party Advisory https://security.netapp.com/advisory/ntap-20191223-0001/

Patch https://www.oracle.com/security-alerts/cpuapr2020.html

/ 100

moderate-risk

Severity 32/34 · Critical

Exploitability 3/34 · Minimal

Exposure 12/34 · Low