CVE-2019-16168
Summary
| CVE | CVE-2019-16168 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-09-09 17:15:00 UTC |
| Updated | 2023-11-07 03:05:00 UTC |
| Description | In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner." |
Risk And Classification
Problem Types: CWE-369
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Canonical | Ubuntu Linux | 12.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 12.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 18.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 19.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 19.10 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 12.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 18.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 19.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 19.10 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Operating System | Fedoraproject | Fedora | 30 | All | All | All |
| Operating System | Fedoraproject | Fedora | 30 | All | All | All |
| Application | Mcafee | Policy Auditor | All | All | All | All |
| Application | Netapp | Active Iq Unified Manager | All | All | All | All |
| Application | Netapp | Active Iq Unified Manager | All | All | All | All |
| Application | Netapp | E-series Santricity Os Controller | All | All | All | All |
| Application | Netapp | Oncommand Insight | - | All | All | All |
| Application | Netapp | Oncommand Workflow Automation | - | All | All | All |
| Application | Netapp | Ontap Select Deploy Administration Utility | - | All | All | All |
| Application | Netapp | Ontap Select Deploy Administration Utility | - | All | All | All |
| Application | Netapp | Santricity Unified Manager | - | All | All | All |
| Application | Netapp | Steelstore Cloud Integrated Storage | - | All | All | All |
| Operating System | Opensuse | Leap | 15.0 | All | All | All |
| Operating System | Opensuse | Leap | 15.1 | All | All | All |
| Operating System | Opensuse | Leap | 15.0 | All | All | All |
| Operating System | Opensuse | Leap | 15.1 | All | All | All |
| Application | Oracle | Communications Design Studio | 7.3.4.3.0 | All | All | All |
| Application | Oracle | Communications Design Studio | 7.3.5.5.0 | All | All | All |
| Application | Oracle | Communications Design Studio | 7.4.0.4.0 | All | All | All |
| Application | Oracle | Jdk | 1.8.0 | update231 | All | All |
| Application | Oracle | Jre | 1.8.0 | update231 | All | All |
| Application | Oracle | Mysql | All | All | All | All |
| Application | Oracle | Outside In Technology | 8.5.4 | All | All | All |
| Operating System | Oracle | Solaris | 11 | All | All | All |
| Operating System | Oracle | Zfs Storage Appliance | 8.8 | All | All | All |
| Application | Sqlite | Sqlite | All | All | All | All |
| Application | Tenable | Nessus Agent | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| USN-4205-1: SQLite vulnerabilities | Ubuntu security notices | Ubuntu | UBUNTU | usn.ubuntu.com | Third Party Advisory |
| [security-announce] openSUSE-SU-2019:2300-1: moderate: Security update f | SUSE | lists.opensuse.org | Third Party Advisory |
| [SECURITY] Fedora 30 Update: sqlite-3.26.0-7.fc30 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | Third Party Advisory |
| January 2020 Java Platform Standard Edition Vulnerabilities in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com | |
| SQLite: Timeline | MISC | www.sqlite.org | Patch |
| [R1] Nessus Agent 8.2.4 Fixes Multiple Vulnerabilities - Security Advisory | Tenable® | CONFIRM | www.tenable.com | |
| [R1] Nessus 8.15.0 Fixes Multiple Vulnerabilities - Security Advisory | Tenable® | CONFIRM | www.tenable.com | |
| Security Bulletin - Policy Auditor update fixes multiple vulnerabilities in third-party libraries (CVE-2016-0718, CVE-2016-4472, CVE-2016-5300, CVE-2017-17740, CVE-2017-9287, CVE-2019-13057, CVE-2020-15719, CVE-2019-1543, CVE-2019-1547, CVE-2019-1552, CVE-2019-1563, CVE-2019-8457, CVE-2018-20506, CVE-2018-20346, CVE-2019-16168, CVE-2017-12627) | CONFIRM | kc.mcafee.com | |
| [R1] Tenable.sc 5.19.0 Fixes Multiple Third-party Vulnerabilities - Security Advisory | Tenable® | CONFIRM | www.tenable.com | |
| [SECURITY] Fedora 30 Update: sqlite-3.26.0-7.fc30 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| [SECURITY] [DLA 2340-1] sqlite3 security update | MLIST | lists.debian.org | |
| [sqlite] divide-by-zero bug in whereLoopAddBtreeIndex function | www.mail-archive.com | ||
| [sqlite] divide-by-zero bug in whereLoopAddBtreeIndex function | MISC | www.mail-archive.com | Third Party Advisory |
| CVE-2019-16168 SQLite Vulnerability in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com | Third Party Advisory |
| Oracle Critical Patch Update Advisory - January 2020 | MISC | www.oracle.com | |
| Oracle Critical Patch Update Advisory - April 2020 | N/A | www.oracle.com | |
| [security-announce] openSUSE-SU-2019:2298-1: moderate: Security update f | SUSE | lists.opensuse.org | Third Party Advisory |
| SQLite: View Ticket | MISC | www.sqlite.org | Third Party Advisory |
| SQLite: Multiple vulnerabilities (GLSA 202003-16) — Gentoo security | GENTOO | security.gentoo.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 296077 Oracle Solaris 11.4 Support Repository Update (SRU) 18.4.0 Missing (CPUJAN2020)
- 375654 Tenable Nessus Multiple Vulnerabilities (TNS-2021-11)
- 375656 Tenable Nessus Agent Multiple Vulnerabilities (TNS-2021-08)
- 375811 Azul Java Multiple Vulnerabilities Security Update January 2020
- 377330 Alibaba Cloud Linux Security Update for mingw packages (ALINUX3-SA-2022:0121)
- 377341 Alibaba Cloud Linux Security Update for sqlite (ALINUX3-SA-2022:0111)
- 591406 Siemens SIMATIC S7-1500 CPU GNU/Linux subsystem Multiple Vulnerabilities (SSB-439005, ICSA-22-104-13)
- 751168 SUSE Enterprise Linux Security Update for sqlite3 (SUSE-SU-2021:3215-1)
- 770068 Red Hat OpenShift Container Platform 4.6 Security Update (RHSA-2021:0436)
- 940088 AlmaLinux Security Update for mingw (ALSA-2021:1968)
- 940337 AlmaLinux Security Update for sqlite (ALSA-2020:4442)
- 960229 Rocky Linux Security Update for mingw (RLSA-2021:1968)