CVE-2019-19603
Publication date 9 December 2019
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.
Status
Package | Ubuntu Release | Status |
---|---|---|
sqlite | 20.04 LTS focal |
Not affected
|
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty |
Not affected
|
|
sqlite3 | 20.04 LTS focal |
Not affected
|
18.04 LTS bionic | Ignored | |
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Ignored |
Notes
mdeslaur
The code changes required to backport the fix for this issue to older versions of SQLite shipped in Ubuntu stable releases is subtantial and may introduce regressions. Due to the low severity of this issue, we will not be releasing a fix for Ubuntu 18.04 LTS and earlier. Marking as ignored.
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.5 · High |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-4394-1
- SQLite vulnerabilities
- 10 June 2020