CVE-2019-16168
Published: 09 September 2019
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."
Priority
CVSS 3 base score: 6.5
Status
Package | Release | Status |
---|---|---|
sqlite3 Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.29.0-2)
|
Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(3.29.0-2)
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(3.22.0-1ubuntu0.2)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(3.11.0-1ubuntu1.3)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Not vulnerable
(code not present)
|
|
Patches: Upstream: https://www.sqlite.org/src/info/d93508fc9913cfe6 Upstream: https://www.sqlite.org/src/timeline?c=98357d8c1263920b |