Bug 1786743 (CVE-2019-19646) - CVE-2019-19646 sqlite: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns
Summary: CVE-2019-19646 sqlite: pragma.c mishandles NOT NULL in an integrity_check PRA...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2019-19646
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1786744 1786745 1786747
Blocks: 1786746
TreeView+ depends on / blocked
 
Reported: 2019-12-27 17:04 UTC by Guilherme de Almeida Suckevicz
Modified: 2021-02-16 20:49 UTC (History)
13 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-02-21 06:14:28 UTC


Attachments (Terms of Use)

Description Guilherme de Almeida Suckevicz 2019-12-27 17:04:18 UTC
pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.

References and upstream commits:
https://github.com/sqlite/sqlite/commit/926f796e8feec15f3836aa0a060ed906f8ae04d3
https://github.com/sqlite/sqlite/commit/ebd70eedd5d6e6a890a670b5ee874a5eae86b4dd

Comment 1 Guilherme de Almeida Suckevicz 2019-12-27 17:06:31 UTC
Created mingw-sqlite tracking bugs for this issue:

Affects: epel-7 [bug 1786747]
Affects: fedora-all [bug 1786744]


Created sqlite tracking bugs for this issue:

Affects: fedora-all [bug 1786745]

Comment 2 Huzaifa S. Sidhpurwala 2020-02-21 06:14:32 UTC
Statement:

This flaw only affects sqlite databases which contain generated columns. The support for generated columns was added to sqlite-3.31.0 (https://sqlite.org/gencol.html). Therefore sqlite packages shipped with Red Hat products are not vulnerable to this flaw.


Note You need to log in before you can comment on or make changes to this bug.