Main Vulnerability Database Vulnerabilities #VU24065

Memory leak in SQLite - CVE-2019-20218

Published: January 7, 2020 / Updated: January 22, 2020

Vulnerability identifier: #VU24065

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-20218

CWE-ID: CWE-401

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: SQLite

Affected software:
SQLite

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due memory leak within the selectExpander() function in select.c in SQLite, caused by incorrect exception handling, related to stack unwinding. A remote attacker can trigger with ability to modify the WITH SQL query can gain access to potentially sensitive information.

How to mitigate CVE-2019-20218

Install updates from vendor's website.

Sources

https://github.com/sqlite/sqlite/commit/a6c1a71cde082e09750465d5675699062922e387

Memory leak in SQLite - CVE-2019-20218

Detailed vulnerability description

How to mitigate CVE-2019-20218

Sources

Please verify you're human