CVE-2019-19645

Name
CVE-2019-19645
Description
alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Patch https://github.com/sqlite/sqlite/commit/38096961c7cd109110ac21d3ed7dad7e0cb0ae06
CONFIRM https://security.netapp.com/advisory/ntap-20191223-0001/
N/A https://www.oracle.com/security-alerts/cpuapr2020.html
UBUNTU https://usn.ubuntu.com/4394-1/
CONFIRM https://www.tenable.com/security/tns-2021-14

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:* sqlite >= None <= 3.30.1

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
sqlite 3.11-main 3.30.1-r2 Carlo Landmeter <clandmeter@gmail.com> possibly vulnerable