Unrated severityNVD Advisory· Published May 30, 2019· Updated Aug 4, 2024
CVE-2019-8457
CVE-2019-8457
Description
SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
31- SQLite3/SQLite3description
- osv-coords29 versionspkg:rpm/suse/sqlite3&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/sqlite3&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSSpkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSSpkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/sqlite3&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/sqlite3&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/sqlite3&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/sqlite3&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/sqlite3&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 3.36.0-9.18.1+ 28 more
- (no CPE)range: < 3.36.0-9.18.1
- (no CPE)range: < 3.8.10.2-9.9.1
- (no CPE)range: < 3.8.10.2-9.9.1
- (no CPE)range: < 3.8.10.2-9.9.1
- (no CPE)range: < 3.7.6.3-1.4.7.9.1
- (no CPE)range: < 3.7.6.3-1.4.7.9.1
- (no CPE)range: < 3.8.10.2-9.9.1
- (no CPE)range: < 3.8.10.2-9.9.1
- (no CPE)range: < 3.8.10.2-9.9.1
- (no CPE)range: < 3.8.10.2-9.9.1
- (no CPE)range: < 3.36.0-9.18.1
- (no CPE)range: < 3.36.0-9.18.1
- (no CPE)range: < 3.8.10.2-9.9.1
- (no CPE)range: < 3.36.0-9.18.1
- (no CPE)range: < 3.36.0-9.18.1
- (no CPE)range: < 3.8.3.1-2.12.1
- (no CPE)range: < 3.8.10.2-9.9.1
- (no CPE)range: < 3.8.10.2-9.9.1
- (no CPE)range: < 3.8.10.2-9.9.1
- (no CPE)range: < 3.8.10.2-9.9.1
- (no CPE)range: < 3.36.0-9.18.1
- (no CPE)range: < 3.8.10.2-9.9.1
- (no CPE)range: < 3.8.10.2-9.9.1
- (no CPE)range: < 3.36.0-9.18.1
- (no CPE)range: < 3.8.10.2-9.9.1
- (no CPE)range: < 3.36.0-9.18.1
- (no CPE)range: < 3.36.0-9.18.1
- (no CPE)range: < 3.36.0-9.18.1
- (no CPE)range: < 3.36.0-9.18.1
Patches
Vulnerability mechanics
References
15- lists.opensuse.org/opensuse-security-announce/2019-06/msg00074.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPKYSWCOM3CL66RI76TYVIG6TJ263RXH/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SJPFGA45DI4F5MCF2OAACGH3HQOF4G3M/mitrevendor-advisoryx_refsource_FEDORA
- usn.ubuntu.com/4004-1/mitrevendor-advisoryx_refsource_UBUNTU
- usn.ubuntu.com/4004-2/mitrevendor-advisoryx_refsource_UBUNTU
- usn.ubuntu.com/4019-1/mitrevendor-advisoryx_refsource_UBUNTU
- usn.ubuntu.com/4019-2/mitrevendor-advisoryx_refsource_UBUNTU
- kc.mcafee.com/corporate/indexmitrex_refsource_CONFIRM
- security.netapp.com/advisory/ntap-20190606-0002/mitrex_refsource_CONFIRM
- www.oracle.com/security-alerts/cpuapr2020.htmlmitrex_refsource_MISC
- www.oracle.com/security-alerts/cpujan2020.htmlmitrex_refsource_MISC
- www.oracle.com/security-alerts/cpujul2020.htmlmitrex_refsource_MISC
- www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlmitrex_refsource_MISC
- www.sqlite.org/releaselog/3_28_0.htmlmitrex_refsource_MISC
- www.sqlite.org/src/info/90acdbfce9c08858mitrex_refsource_MISC
News mentions
1- ABB B&R Automation StudioCISA ICS Advisories