CVE-2019-19959

Published: Jan 3, 2020

Modified: Aug 5, 2024

PUBLISHED

Description

ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/sqlite/sqlite/commit/d8f2d46cbc9925e034a68aaaf60aad788d9373c1

x_refsource_MISC

https://github.com/sqlite/sqlite/commit/1e490c4ca6b43a9cf8637d695907888349f69bec

x_refsource_MISC

https://security.netapp.com/advisory/ntap-20200204-0001/

x_refsource_CONFIRM

USN-4298-1

vendor-advisory

x_refsource_UBUNTU

https://www.oracle.com/security-alerts/cpuapr2020.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-19959

Description

Affected Products

References