CVE-2019-19645
Published: 9 December 2019
alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.
Priority
Low
CVSS 3 base score: 5.5
Status
| Package | Release | Status |
|---|---|---|
|
sqlite Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not present)
|
| disco |
Not vulnerable
(code not present)
|
|
| eoan |
Not vulnerable
(code not present)
|
|
| focal |
Not vulnerable
(code not present)
|
|
| precise |
Does not exist
|
|
| trusty |
Not vulnerable
(code not present)
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(code not present)
|
|
|
sqlite3 Launchpad, Ubuntu, Debian |
bionic |
Ignored
|
| disco |
Ignored
(reached end-of-life)
|
|
| eoan |
Released
(3.29.0-2ubuntu0.3)
|
|
| focal |
Not vulnerable
(3.31.1-1ubuntu1)
|
|
| precise |
Ignored
|
|
| trusty |
Ignored
|
|
| upstream |
Needs triage
|
|
| xenial |
Ignored
|
Notes
| Author | Note |
|---|---|
| mdeslaur | The code changes required to backport the fix for this issue to older versions of SQLite shipped in Ubuntu stable releases is subtantial and may introduce regressions. Due to the low severity of this issue, we will not be releasing a fix for Ubuntu 18.04 LTS and earlier. Marking as ignored. |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19645
- https://ubuntu.com/security/notices/USN-4394-1
- NVD
- Launchpad
- Debian