Alpaquita Linux
Security Advisory

CVE-2019-16168

Published: September 9, 2019Last modified: November 8, 2023

Description

In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."

Severity score breakdown

ParameterValue
Base score6.5
Attack VectorNETWORK
Attack complexityLOW
Privileges requiredNONE
User interactionREQUIRED
ScopeUNCHANGED
ConfidentialityNONE
Integrity impactNONE
Availability impactHIGH
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSsqliteNot affected (3.40.1-r0)
StreamsqliteNot affected (3.43.0-r0)

References

ON THIS PAGE