CVE-2019-19242

Description

SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.

How to fix CVE-2019-19242

To remediate CVE-2019-19242, upgrade the affected package to a fixed version below.

• Alpine/sqlite—upgrade to 3.28.0-r2 or later
• Debian/sqlite3—upgrade to 3.30.1+fossil191229-1 or later

Is CVE-2019-19242 being exploited?

Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

• from 0, < 3.28.0-r2
• from 0, < 3.30.1+fossil191229-1

CVSS scores

References (2)

• ADVISORYsecurity.alpinelinux.org/vuln/CVE-2019-19242
• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2019-19242