nvd-json-data-feeds/CVE-2019/CVE-2019-99xx/CVE-2019-9936.json

{
  "id": "CVE-2019-9936",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2019-03-22T08:29:00.607",
  "lastModified": "2020-08-23T01:15:12.027",
  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
      "value": "In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c."
    },
    {
      "lang": "es",
      "value": "En SQLite 3.27.2, la ejecuci\u00f3n de las consultas de prefijo fts5 en una transacci\u00f3n podr\u00eda desencadenar una sobrelectura de b\u00fafer basada en memoria din\u00e1mica (heap) en fts5HashEntrySort en sqlite3.c, lo que podr\u00eda conducir a una fuga de informaci\u00f3n. Esto est\u00e1 relacionado con ext/fts5/fts5_hash.c."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sqlite:sqlite:3.27.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1D25C0F-15FD-444C-A0BC-D390862CFD15"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00026.html",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://www.securityfocus.com/bid/107562",
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXD2GYJVTDGEQPUNMMMC5TB7MQXOBBMO/",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N66U5PY5UJU4XBFZJH7QNKIDNAVIB4OP/",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://security.gentoo.org/glsa/201908-09",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://security.netapp.com/advisory/ntap-20190416-0005/",
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://sqlite.org/src/info/b3fa58dd7403dbd4",
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://usn.ubuntu.com/4019-1/",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114382.html",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg114394.html",
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
      "source": "cve@mitre.org"
    }
  ]
}