CVE-2019-19646

high-risk
Published 2019-12-09

pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.

Do I need to act?

~
7.2% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: 926f796e8feec15f3836aa0a060ed906f8ae04d3, ebd70eedd5d6e6a890a670b5ee874a5eae86b4dd
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (6)

Affected Vendors

Oracle Siemens Netapp Sqlite Tenable

References (14)

Patch https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
Third Party Advisory https://github.com/sqlite/sqlite/commit/926f796e8feec15f3836aa0a060ed906f8ae04d3
Patch https://github.com/sqlite/sqlite/commit/ebd70eedd5d6e6a890a670b5ee874a5eae86b4dd
Third Party Advisory https://security.netapp.com/advisory/ntap-20191223-0001/
Patch https://www.oracle.com/security-alerts/cpuapr2020.html
Vendor Advisory https://www.sqlite.org/
Third Party Advisory https://www.tenable.com/security/tns-2021-14
Patch https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
Third Party Advisory https://github.com/sqlite/sqlite/commit/926f796e8feec15f3836aa0a060ed906f8ae04d3
Patch https://github.com/sqlite/sqlite/commit/ebd70eedd5d6e6a890a670b5ee874a5eae86b4dd
Third Party Advisory https://security.netapp.com/advisory/ntap-20191223-0001/
Patch https://www.oracle.com/security-alerts/cpuapr2020.html
Vendor Advisory https://www.sqlite.org/
Third Party Advisory https://www.tenable.com/security/tns-2021-14
54
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 9/34 · Low
Exposure 13/34 · Low