{"id":"CVE-2019-19242","details":"SQLite 3.30.1 mishandles pExpr-\u003ey.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.","modified":"2026-01-30T08:53:17.101936Z","published":"2019-11-27T17:15:14.230Z","related":["MGASA-2020-0070"],"references":[{"type":"ADVISORY","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"},{"type":"ADVISORY","url":"https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4205-1/"},{"type":"ADVISORY","url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"type":"FIX","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"},{"type":"FIX","url":"https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuapr2020.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/sqlite/sqlite","events":[{"introduced":"0"},{"fixed":"57f7ece78410a8aae86aa4625fb7556897db384c"}]}],"versions":["cvs-to-fossil-cutover","experimental","fts3-refactor","version-3.10.0","version-3.11.0","version-3.11.1","version-3.12.0","version-3.13.0","version-3.14.0","version-3.15.0","version-3.16.0","version-3.19.0","version-3.19.1","version-3.19.2","version-3.21.0","version-3.22.0","version-3.23.0","version-3.23.1","version-3.24.0","version-3.25.0","version-3.26.0","version-3.27.0","version-3.28.0","version-3.29.0","version-3.30.0","version-3.6.10","version-3.6.15","version-3.7.10","version-3.7.11","version-3.7.12","version-3.7.12.1","version-3.7.13","version-3.7.14","version-3.7.15","version-3.7.16","version-3.7.16.1","version-3.7.16.2","version-3.7.17","version-3.7.2","version-3.7.4","version-3.7.5","version-3.7.6","version-3.7.6.1","version-3.7.7","version-3.7.8","version-3.7.9","version-3.8.0","version-3.8.1","version-3.8.10","version-3.8.10.1","version-3.8.11","version-3.8.11.1","version-3.8.2","version-3.8.3","version-3.8.4","version-3.8.4.1","version-3.8.5","version-3.8.6","version-3.8.7","version-3.8.7.1","version-3.8.8","version-3.8.9","version-3.9.0","version-3.9.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-19242.json","vanir_signatures":[{"signature_type":"Line","id":"CVE-2019-19242-03a69a64","digest":{"threshold":0.9,"line_hashes":["272171035038571025389595851029157703074","267442456182522856045235945392506900464","118415636789467465061053839391898871037","206027221619297694965688112644458520441"]},"deprecated":false,"target":{"file":"src/wherecode.c"},"source":"https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c","signature_version":"v1"},{"signature_type":"Function","id":"CVE-2019-19242-56baf8c3","digest":{"length":334,"function_hash":"219203062469301619849027150853221467284"},"deprecated":false,"target":{"file":"src/wherecode.c","function":"whereIndexExprTransColumn"},"source":"https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c","signature_version":"v1"},{"signature_type":"Line","id":"CVE-2019-19242-59c37900","digest":{"threshold":0.9,"line_hashes":["73196936375848863988946647638199175336","54061856683093212388608604271662140636","187896069255515307547888284833172571856","94603599993386840175216938376850118166"]},"deprecated":false,"target":{"file":"src/expr.c"},"source":"https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c","signature_version":"v1"},{"signature_type":"Function","id":"CVE-2019-19242-a996fa2a","digest":{"length":16927,"function_hash":"112052855901138366623425549513834949919"},"deprecated":false,"target":{"file":"src/expr.c","function":"sqlite3ExprCodeTarget"},"source":"https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c","signature_version":"v1"}]}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}