ALPINE-CVE-2019-16168

ALPINE-CVE-2019-16168 PUBLISHED CVSS 6.5 MEDIUM

In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."

Risk Scores

CVSS v3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Alpine:v3.8	sqlite	0, 3.10.2-r2, 3.11.1-r2
Alpine:v3.9	sqlite	3.10.2-r2, 3.11.0-r2, 3.11.1-r2
Alpine:v3.10	sqlite	3.12.1-r2, 0, 3.10.2-r2

Timeline

Sep 9, 2019 CVE Published
Nov 19, 2025 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2019-16168 advisory

Open in Interactive Console →