CVE-2019-16168

Published Sep 9, 2019

Last updated 10 days ago

CVSS medium 6.5

Overview

Description: In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."
Source: cve@mitre.org
NVD status: Modified
Products: sqlite, active_iq_unified_manager, e-series_santricity_os_controller, oncommand_insight, oncommand_workflow_automation, ontap_select_deploy_administration_utility, santricity_unified_manager, steelstore_cloud_integrated_storage, ubuntu_linux, fedora, debian_linux, nessus_agent, communications_design_studio, jdk, jre, mysql, outside_in_technology, solaris, zfs_storage_appliance, policy_auditor

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-369
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-369

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "199DADF1-CA17-4BA1-B94D-251AD1F5FB63",
            "versionEndIncluding": "3.29.0",
            "versionStartIncluding": "3.8.5",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
            "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
            "versionStartIncluding": "7.3",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
            "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
            "versionStartIncluding": "9.5",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "BD1E9594-C46F-40D1-8BC2-6B16635B55C4",
            "versionEndIncluding": "11.60.3",
            "versionStartIncluding": "11.0.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:*:*:*:*",
            "matchCriteriaId": "1F3EFED2-F6BC-46D9-AB22-D5ED87EF4549",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
            "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
            "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
            "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
            "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
            "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:tenable:nessus_agent:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "AE953762-7CCA-4EF3-BAE1-4F04F5BB22E3",
            "versionEndIncluding": "8.2.3",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:communications_design_studio:7.3.4.3.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "313F42E5-1BBB-4773-A153-B114C3FDF701",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_design_studio:7.3.5.5.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "AC75FE72-6C3F-428E-9C9A-60982455238B",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_design_studio:7.4.0.4.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "B370B017-2E3B-438B-86B9-EEF70E3A5D3A",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update231:*:*:*:*:*:*",
            "matchCriteriaId": "8836399B-AA1F-45DB-A423-B41A93A14281",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update231:*:*:*:*:*:*",
            "matchCriteriaId": "45E3A969-BFC2-45E2-B301-813E9335FC5D",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "42EEFA46-41D0-402B-AD80-85345913DF32",
            "versionEndIncluding": "8.0.18",
            "versionStartIncluding": "8.0.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:oracle:outside_in_technology:8.5.4:*:*:*:*:*:*:*",
            "matchCriteriaId": "72F1A960-EBA5-4BDB-B629-20F0D2384562",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*",
            "matchCriteriaId": "8E8C192B-8044-4BF9-9F1F-57371FC0E8FD",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:oracle:zfs_storage_appliance:8.8:*:*:*:*:*:*:*",
            "matchCriteriaId": "18096778-19E1-434F-BD96-A9FBF11A8C81",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mcafee:policy_auditor:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "CB739B3A-20BB-4118-82DD-7ACFE5881FE2",
            "versionEndExcluding": "6.5.1",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

Related CVEs

References