{"id":"CVE-2019-8457","details":"SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.","modified":"2026-05-13T04:02:59.102371948Z","published":"2019-05-30T16:29:01.840Z","related":["SUSE-SU-2019:14083-1","SUSE-SU-2019:1522-1","SUSE-SU-2019:1601-1","SUSE-SU-2021:3215-1"],"database_specific":{"unresolved_ranges":[{"cpe":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"14.04"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","extracted_events":[{"last_affected":"16.04"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","extracted_events":[{"last_affected":"18.04"}]},{"cpe":"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"18.10"}]},{"cpe":"cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"19.04"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"29"}]},{"cpe":"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"30"}]},{"cpe":"cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"42.3"}]}]},"references":[{"type":"WEB","url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10365"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPKYSWCOM3CL66RI76TYVIG6TJ263RXH/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SJPFGA45DI4F5MCF2OAACGH3HQOF4G3M/"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpujan2020.html"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00074.html"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20190606-0002/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4004-1/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4004-2/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4019-1/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4019-2/"},{"type":"ADVISORY","url":"https://www.sqlite.org/releaselog/3_28_0.html"},{"type":"FIX","url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"},{"type":"FIX","url":"https://www.sqlite.org/src/info/90acdbfce9c08858"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/sqlite/sqlite","events":[{"introduced":"807b79e7658625f3781a0fb4e2ec268258bab55d"},{"last_affected":"7e09d68476573ed9ef5ef90807e39292b2d81b78"}],"database_specific":{"source":"CPE_FIELD","cpe":"cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"3.6.0"},{"last_affected":"3.27.2"}]}}],"versions":["version-3.27.2","version-3.27.1","version-3.27.0","version-3.26.0","version-3.25.0","version-3.24.0","version-3.23.1","version-3.23.0","version-3.22.0","version-3.16.0","version-3.15.0","version-3.8.9","version-3.14.0","version-3.13.0","version-3.12.0","version-3.11.0","version-3.10.0","version-3.9.0","version-3.8.11.1","version-3.8.11","version-3.7.11","version-3.8.10.1","version-3.8.10","version-3.8.8","version-3.8.7","version-3.8.6","version-3.8.5","version-3.7.8","version-3.8.4.1","version-3.8.4","version-3.8.3","version-3.8.2","version-3.8.1","version-3.8.0","version-3.7.17","version-3.7.16.1","version-3.7.16","version-3.7.15","version-3.7.9","version-3.7.14","version-3.7.13","version-3.7.12.1","version-3.7.12","version-3.7.10","version-3.7.7","version-3.7.5","version-3.7.6.1","version-3.7.6","version-3.7.4","version-3.7.2","version-3.7.3","version-3.7.1","version-3.7.0","version-3.6.23","version-3.6.22","version-3.6.1","version-3.6.21","version-3.6.20","version-3.6.16","version-3.6.19","version-3.6.18","version-3.6.17","version-3.6.15","version-3.6.14","version-3.6.13","version-3.6.12","version-3.6.11","version-3.6.10","version-3.6.9","version-3.6.8","version-3.6.7","version-3.6.6","version-3.6.5","version-3.6.4","version-3.6.3","version-3.6.2","version-3.6.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-8457.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}