VDB
CVE-2019-19880
CVE-2019-19880
REJECTED
exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.
EPSS 8.44% · 92.5th percentile
Risk Scores
EPSS Score
8.44%
92.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | sqlite3 | 0, 3.8.11.1-1, 3.9.1-2 |
| Ubuntu:18.04:LTS | sqlite3 | 0, 3.19.3-3, 3.20.1-2 |
Timeline
- Dec 18, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Aug 5, 2024 CVE Updated
- Mar 17, 2025 EPSS Score
- Mar 27, 2025 EPSS Score
- Mar 29, 2025 EPSS Score
- Mar 30, 2025 EPSS Score
- Apr 6, 2025 EPSS Score
- Apr 9, 2025 EPSS Score
- Apr 10, 2025 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-19880 third-party-advisory
- https://ubuntu.com/security/notices/USN-4298-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-19880 third-party-advisory