CVE-2019-19880 — chromium - security update

Description

exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.

How to fix CVE-2019-19880

To remediate CVE-2019-19880, upgrade the affected package to a fixed version below.

Debian/chromium—upgrade to 80.0.3987.106-1 or later
—upgrade to 80.0.3987.132-1~deb10u1 or later
—upgrade to 3.30.1+fossil191229-1 or later

Is CVE-2019-19880 being exploited?

Moderate — EPSS is 8.4%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (3)

from 0, < 80.0.3987.106-1
from 0, < 80.0.3987.132-1~deb10u1
from 0, < 3.30.1+fossil191229-1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2019-19880