Description

exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.

Remediation

References

CVE-2019-19880

Related Vulnerabilities

Ruby on Rails Improper Access Control Vulnerability (CVE-2016-6317)

Oracle Database Server CVE-2010-0866 Vulnerability (CVE-2010-0866)

Jboss EAP Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2020-10687)

MySQL CVE-2019-2746 Vulnerability (CVE-2019-2746)

MySQL CVE-2016-5442 Vulnerability (CVE-2016-5442)

Severity

High

Classification

CVE-2019-19880 CWE-476 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities