SQLite 3.30.1 Vulnerability in Stack Unwinding Process
CVE-2019-20218
7.5HIGH
What is CVE-2019-20218?
The vulnerability in SQLite 3.30.1 arises from the selectExpander function in select.c, which incorrectly continues WITH stack unwinding despite encountering a parsing error. This flaw poses a risk of inconsistent application behavior, potentially impacting data integrity and processing flows.
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved