cve/CVE-2019-16168.md at 62ebb3dfdf0b58e0e304dbaac83a14f3d931b83d

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-12-30 04:49:42 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."

POC

Reference

https://kc.mcafee.com/corporate/index?page=content&id=SB10365
https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg116312.html
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2020.html

Github

https://github.com/fredrkl/trivy-demo
https://github.com/garethr/snykout

937 B Raw Blame History

CVE-2019-16168

Description

POC

Reference

Github

937 B

Raw Blame History