CVE-2019-19923 in Ubuntu

CVE-2019-19923

Priority

Description

flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of
SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a
view. This can cause a NULL pointer dereference (or incorrect results).

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19923
https://ubuntu.com/security/notices/USN-4298-1

Assigned-to

mdeslaur

Notes

Package

Source: sqlite3 (LP Ubuntu Debian)

Upstream:	released (3.30.1+fossil191229-1)
Ubuntu 18.04 LTS:	released (3.22.0-1ubuntu0.3)
Ubuntu 16.04 ESM:	not-affected (code not present)
Ubuntu 14.04 ESM:	not-affected (code not present)

Patches:

Upstream:

https://github.com/sqlite/sqlite/commit/396afe6f6aa90a31303c183e11b2b2d4b7956b35

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2022-04-13 13:53:39 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)