Description

In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.

Remediation

References

CVE-2019-9936

Related Vulnerabilities

Grafana CVE-2023-4822 Vulnerability (CVE-2023-4822)

MySQL Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2016-6664)

PostgreSQL Other Vulnerability (CVE-2004-0547)

WordPress Plugin LeagueManager SQL Injection (3.8)

IBM WebSEAL Improper Input Validation Vulnerability (CVE-2021-20496)

Severity

High

Classification

CVE-2019-9936 CWE-125 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities