Main Vulnerability Database Vulnerabilities #VU24065

#VU24065 Memory leak in SQLite - CVE-2019-20218

Published: January 7, 2020 / Updated: January 22, 2020

Vulnerability identifier: #VU24065

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-20218

CWE-ID: CWE-401

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
SQLite

Software vendor:
SQLite

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due memory leak within the selectExpander() function in select.c in SQLite, caused by incorrect exception handling, related to stack unwinding. A remote attacker can trigger with ability to modify the WITH SQL query can gain access to potentially sensitive information.

Remediation

Install updates from vendor's website.

External links

https://github.com/sqlite/sqlite/commit/a6c1a71cde082e09750465d5675699062922e387

#VU24065 Memory leak in SQLite - CVE-2019-20218

Description

Remediation

External links

Please verify you're human