CVE-2019-19925
HIGH WAF: Medium
CVSS 7.5
Published: 2019-12-24
CWE-434
zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.
WAF Coverage Analysis
Unrestricted File Upload
Medium WAF Coverage
OWASP: A04:2021 Insecure Design
930xxx - Local File Inclusion
Affected Software
| Vendor | Product | Version |
|---|---|---|
| sqlite | sqlite | 3.30.1 |
| siemens | sinec_infrastructure_network_services | up to 1.0.1.1 |
| oracle | mysql_workbench | up to 8.0.19 |
| debian | debian_linux | 9.0 |
| debian | debian_linux | 10.0 |
| redhat | enterprise_linux_desktop | 6.0 |
| redhat | enterprise_linux_server | 6.0 |
| redhat | enterprise_linux_workstation | 6.0 |
| suse | package_hub | - |
| opensuse | backports_sle | 15.0 |
References
- lists.opensuse.org (Mailing List, Third Party Advisory)
- lists.opensuse.org (Mailing List, Third Party Advisory)
- lists.opensuse.org (Mailing List, Third Party Advisory)
- access.redhat.com (Third Party Advisory)
- cert-portal.siemens.com (Patch, Third Party Advisory)
- github.com (Patch, Third Party Advisory)
- security.netapp.com (Third Party Advisory)
- usn.ubuntu.com (Broken Link)
- www.debian.org (Third Party Advisory)
- www.oracle.com (Patch, Third Party Advisory)