Heap Vulnerability in SQLite3 Affecting Multiple Versions
CVE-2019-8457

9.8CRITICAL

Key Information:

Vendor: Sqlite
Status: Sqlite
Vendor: CVE Published:; 30 May 2019

What is CVE-2019-8457?

SQLite3 is susceptible to a heap out-of-bound read vulnerability within the rtreenode() function when it processes invalid rtree tables. This flaw could enable attackers to potentially read sensitive data from the memory, posing a risk to system integrity and confidentiality. Users running versions from 3.6.0 up to 3.27.2 are strongly encouraged to review their installations and apply patches as necessary.

Affected Version(s)

SQLite From 3.6.0 to 3.27.2 including

References

https://usn.ubuntu.com/4004-1/

vendor-advisoryx_refsource_UBUNTU

https://usn.ubuntu.com/4004-2/

vendor-advisoryx_refsource_UBUNTU

https://usn.ubuntu.com/4019-1/

vendor-advisoryx_refsource_UBUNTU

EPSS Score

27% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 30, 2019
Vulnerability Reserved
Feb 18, 2019

Sqlite

What is CVE-2019-8457?

Affected Version(s)

References

EPSS Score

CVSS V3.1

Timeline