What is CVE-2019-8457?

CVE-2019-8457 is a critical-severity software vulnerability (Out-of-bounds read) with a CVSS score of 9.8. SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.

Is CVE-2019-8457 being actively exploited?

It is not currently in CISA's KEV catalog. Its EPSS exploitation probability is 45%.

What products does CVE-2019-8457 affect?

Tracked products affected include SQLite, Fedora. Check the version you run to see whether it is affected.

How do I fix CVE-2019-8457?

Apply the vendor fix promptly. Upgrade affected products to a fixed version.

← All products

CVE-2019-8457

CRITICAL severity · CVSS 9.8 · Out-of-bounds read

9.8CVSS CRITICAL

Summary

SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.

Impact & exploitability

Attack vectorNetwork

Attack complexityLow

Privileges requiredNone

User interactionNone

Confidentiality impactHigh

Integrity impactHigh

Availability impactHigh

Exploit probability (EPSS)45%

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products we track (2)

SQLite Fedora

Recommendation

Apply the vendor fix promptly. Open any affected product above for its exact safe version.

Additional information

NVD record
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00074.htmlAdvisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10365
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPKYSWCOM3CL66RI76TYVIG6TJ263RXH/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SJPFGA45DI4F5MCF2OAACGH3HQOF4G3M/
https://security.netapp.com/advisory/ntap-20190606-0002/Advisory
https://usn.ubuntu.com/4004-1/Advisory
https://usn.ubuntu.com/4004-2/Advisory
https://usn.ubuntu.com/4019-1/Advisory