1783305 – (CVE-2019-19645) CVE-2019-19645 sqlite: infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements

Bug 1783305 (CVE-2019-19645) - CVE-2019-19645 sqlite: infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements

Summary: CVE-2019-19645 sqlite: infinite recursion via certain types of self-referenti...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2019-19645
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1783306 1783307 1783309 1787525 1787526
Blocks:	1783308
TreeView+	depends on / blocked

Reported:	2019-12-13 14:48 UTC by Guilherme de Almeida Suckevicz
Modified:	2021-10-25 22:13 UTC (History)
CC List:	12 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-10-25 22:13:56 UTC

Attachments	(Terms of Use)

Description Guilherme de Almeida Suckevicz 2019-12-13 14:48:35 UTC

alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.

Reference and upstream commit:
https://github.com/sqlite/sqlite/commit/38096961c7cd109110ac21d3ed7dad7e0cb0ae06

Comment 1 Guilherme de Almeida Suckevicz 2019-12-13 14:48:57 UTC

Created mingw-sqlite tracking bugs for this issue:

Affects: epel-7 [bug 1783307]
Affects: fedora-all [bug 1783309]


Created sqlite tracking bugs for this issue:

Affects: fedora-all [bug 1783306]

Comment 3 Huzaifa S. Sidhpurwala 2020-01-03 09:24:38 UTC

Basically DoS due to infinite recursion and stack exhaustion.

Note You need to log in before you can comment on or make changes to this bug.