Description

In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."

Remediation

References

CVE-2019-16168

Related Vulnerabilities

WordPress Plugin ZoomSounds-WordPress Wave Audio Player with Playlist Directory Traversal (6.45)

WordPress Plugin Mini Mail Dashboard Widget 'abspath' Parameter Remote File Include (1.36)

Hesk Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-5287)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2010-3063)

WordPress Plugin Votecount for Balatarin Cross-Site Scripting (0.1.1)

Severity

Medium

Classification

CVE-2019-16168 CWE-369 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities