CVE-2019-8457

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-8457
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-8457.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-8457
Downstream
Related
Published
2019-05-30T16:29:01.840Z
Modified
2026-03-20T11:30:43.874790Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.

References

Affected packages

Git / github.com/sqlite/sqlite

Affected ranges

Type
GIT
Repo
https://github.com/sqlite/sqlite
Events
Introduced
807b79e7658625f3781a0fb4e2ec268258bab55d
Last affected
7e09d68476573ed9ef5ef90807e39292b2d81b78
Database specific 
{
    "versions": [
        {
            "introduced": "3.6.0"
        },
        {
            "last_affected": "3.27.2"
        }
    ]
}

Affected versions

Other
cvs-to-fossil-cutover
experimental
fts3-refactor
version-3.*
version-3.10.0
version-3.11.0
version-3.11.1
version-3.12.0
version-3.13.0
version-3.14.0
version-3.15.0
version-3.16.0
version-3.19.0
version-3.19.1
version-3.19.2
version-3.21.0
version-3.22.0
version-3.23.0
version-3.23.1
version-3.24.0
version-3.25.0
version-3.26.0
version-3.27.0
version-3.27.1
version-3.27.2
version-3.6.0
version-3.6.1
version-3.6.10
version-3.6.11
version-3.6.12
version-3.6.13
version-3.6.14
version-3.6.15
version-3.6.16
version-3.6.17
version-3.6.18
version-3.6.19
version-3.6.2
version-3.6.20
version-3.6.21
version-3.6.22
version-3.6.23
version-3.6.3
version-3.6.4
version-3.6.5
version-3.6.6
version-3.6.7
version-3.6.8
version-3.6.9
version-3.7.0
version-3.7.1
version-3.7.10
version-3.7.11
version-3.7.12
version-3.7.12.1
version-3.7.13
version-3.7.14
version-3.7.15
version-3.7.16
version-3.7.16.1
version-3.7.16.2
version-3.7.17
version-3.7.2
version-3.7.3
version-3.7.4
version-3.7.5
version-3.7.6
version-3.7.6.1
version-3.7.7
version-3.7.8
version-3.7.9
version-3.8.0
version-3.8.1
version-3.8.10
version-3.8.10.1
version-3.8.11
version-3.8.11.1
version-3.8.2
version-3.8.3
version-3.8.4
version-3.8.4.1
version-3.8.5
version-3.8.6
version-3.8.7
version-3.8.7.1
version-3.8.8
version-3.8.9
version-3.9.0
version-3.9.1

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "14.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "16.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "18.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "18.10"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "19.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "29"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "30"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "42.3"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-8457.json"