Description

exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.

Remediation

References

CVE-2019-19880

Related Vulnerabilities

WordPress Plugin WP TripAdvisor Review Slider Cross-Site Scripting (11.8)

WordPress Plugin WPFront User Role Editor Unspecified Vulnerability (2.14.1)

WordPress Plugin WP-BlipBot Cross-Site Scripting (3.0.9)

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-7944)

Magento Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-7951)

Severity

High

Classification

CVE-2019-19880 CWE-476 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities