Bug 1768986 (CVE-2019-16168)
| Summary: | CVE-2019-16168 sqlite: Division by zero in whereLoopAddBtreeIndex in sqlite3.c | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Guilherme de Almeida Suckevicz <gsuckevi> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | databases-maint, drizt72, erik-fedora, fedora, itamar, mbenatto, mschorm, odubaj, pkubat, praiskup, rh-spice-bugs, rjones, wilmer5 |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-11-04 02:22:54 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1768987, 1768988, 1768989, 1826897, 1826898 | ||
| Bug Blocks: | 1768990 | ||
|
Description
Guilherme de Almeida Suckevicz
2019-11-05 17:46:27 UTC
Created mingw-sqlite tracking bugs for this issue: Affects: epel-7 [bug 1768989] Affects: fedora-all [bug 1768988] Created sqlite tracking bugs for this issue: Affects: fedora-all [bug 1768987] Created mingw-sqlite tracking bugs for this issue: Affects: epel-7 [bug 1768989] Affects: fedora-all [bug 1768988] Created sqlite tracking bugs for this issue: Affects: fedora-all [bug 1768987] Statement: The SQLite package as shipped with Red Hat Enterprise Linux 7 and previous versions are not affected by this flaw. The bug was introduced on sqlite-3.8.5 while Red Hat Enterprise Linux 7 and previous releases ships sqlite <= 3.7.17. There's a flaw on SQLite during query planning. SQLite allows the user to collect query statistics to be further used to optimize query planing via ANALYZE command. The ANALYZE command stores statistical information within a per-database internal table and one of that data stored is the estimated data size per row of the table being analyzed. The size value is further used during planing on a mathematical expression but is not previously validated. An attack may leverage this weakness by inserting a record into stats internal table setting the size to zero, leading to a division by zero exception causing DoS. To an attack be completed successfully the end user needs to be tricked to run an INSERT command on the sqlite_state1 table in order to force the Division By Zero error on whereLoopAddBtreeIndex() function during query planing phase. Mitigation: An user can mitigate the risk of this vulnerability by: 1) Avoid using ANALYZE command on queries; 2) Disabling the PRAGMA optimize for affected SQLite instances; This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4442 https://access.redhat.com/errata/RHSA-2020:4442 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-16168 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:1968 https://access.redhat.com/errata/RHSA-2021:1968 |