Unrated severityOSV Advisory· Published Mar 22, 2019· Updated Aug 4, 2024
CVE-2019-9936
CVE-2019-9936
Description
In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5- osv-coords3 versionspkg:rpm/opensuse/sqlite3&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/sqlite3&distro=openSUSE%20Tumbleweedpkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015
< 3.28.0-lp150.2.6.1+ 2 more
- (no CPE)range: < 3.28.0-lp150.2.6.1
- (no CPE)range: < 3.36.0-1.2
- (no CPE)range: < 3.28.0-3.6.1
Patches
Vulnerability mechanics
References
13- lists.opensuse.org/opensuse-security-announce/2019-05/msg00026.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXD2GYJVTDGEQPUNMMMC5TB7MQXOBBMO/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N66U5PY5UJU4XBFZJH7QNKIDNAVIB4OP/mitrevendor-advisoryx_refsource_FEDORA
- security.gentoo.org/glsa/201908-09mitrevendor-advisoryx_refsource_GENTOO
- usn.ubuntu.com/4019-1/mitrevendor-advisoryx_refsource_UBUNTU
- www.securityfocus.com/bid/107562mitrevdb-entryx_refsource_BID
- lists.debian.org/debian-lts-announce/2020/08/msg00037.htmlmitremailing-listx_refsource_MLIST
- security.netapp.com/advisory/ntap-20190416-0005/mitrex_refsource_CONFIRM
- sqlite.org/src/info/b3fa58dd7403dbd4mitrex_refsource_MISC
- www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg114382.htmlmitrex_refsource_MISC
- www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg114394.htmlmitrex_refsource_MISC
- www.oracle.com/security-alerts/cpujan2020.htmlmitrex_refsource_MISC
- www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.