SQLite 3.30.1 resolve.c lookupName privilege escalation


A vulnerability has been found in SQLite 3.30.1 and classified as critical. It affects the function lookupName in the file resolve.c. There is no information about possible countermeasures. Replacing the product with an equivalent is suggested.

| Field | 2019-12-05 18:12 | 2019-12-05 18:17 |
|---|---|---|
| name | SQLite | SQLite |
| version | 3.30.1 | 3.30.1 |
| file | resolve.c | resolve.c |
| function | lookupName | lookupName |
| risk | 2 | 2 |
| historic | 0 | 0 |
| cvss2_vuldb_basescore | 6.8 | 6.8 |
| cvss2_vuldb_tempscore | 6.8 | 6.8 |
| cvss2_vuldb_av | N | N |
| cvss2_vuldb_ac | M | M |
| cvss2_vuldb_au | N | N |
| cvss2_vuldb_ci | P | P |
| cvss2_vuldb_ii | P | P |
| cvss2_vuldb_ai | P | P |
| cvss3_meta_basescore | 8.5 | 8.5 |
| cvss3_meta_tempscore | 8.5 | 8.5 |
| cvss3_vuldb_basescore | 7.3 | 7.3 |
| cvss3_vuldb_tempscore | 7.3 | 7.3 |
| cvss3_vuldb_av | N | N |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_pr | N | N |
| cvss3_vuldb_ui | N | N |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | L | L |
| cvss3_vuldb_i | L | L |
| cvss3_vuldb_a | L | L |
| date | 1575504000 (2019-12-05) | 1575504000 (2019-12-05) |
| price_0day | $5k-$25k | $5k-$25k |
| cve | CVE-2019-19317 | CVE-2019-19317 |
| cvss2_vuldb_e | ND | ND |
| cvss2_vuldb_rl | ND | ND |
| cvss2_vuldb_rc | ND | ND |
| cvss3_vuldb_e | X | X |
| cvss3_vuldb_rl | X | X |
| cvss3_vuldb_rc | X | X |
| cvss3_nvd_basescore | | 9.8 |
| cwe | 0 | 20 (privilege escalation) |
| cvss2_nvd_av | | N |
| cvss2_nvd_ac | | L |
| cvss2_nvd_au | | N |
| cvss2_nvd_ci | | P |
| cvss2_nvd_ii | | P |
| cvss2_nvd_ai | | P |
| cvss3_nvd_av | | N |
| cvss3_nvd_ac | | L |
| cvss3_nvd_pr | | N |
| cvss3_nvd_ui | | N |
| cvss3_nvd_s | | U |
| cvss3_nvd_c | | H |
| cvss3_nvd_i | | H |
| cvss3_nvd_a | | H |
| cve_assigned | | 1574726400 |
| cve_nvd_summary | | lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact. |
