CVE-2019-16168
Description
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a severe division by zero in the query planner.
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.866
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2019-13117,CVE-2019-13118,CVE-2019-16168,CVE-2020-2585 are fixed in Java SEJava SE: 8u231 | Windows |
| Vulnerabilities CVE-2019-13117,CVE-2019-13118,CVE-2019-16168,CVE-2020-2585 are fixed in Java SEJava SE: 8u231(x64) | Windows |
| Multiple vulnerabilities affected in Oracle Java SE 8u311 | Windows |
| Multiple vulnerabilities affected in Oracle Java SE 8u311 (x64) | Windows |
| Multiple vulnerabilities affected in Oracle Java SE Developement -Kit 8u311 | Windows |
| Multiple vulnerabilities affected in Oracle Java SE Developement Kit 8u311 (x64) | Windows |
| Multiple Vulnerabilities are affected in Mysql 8.0.18 | Windows |
| Multiple Vulnerabilities are affected in Mysql 8.0.5 | Windows |
| Multiple vulnerabilities are affected in Java SE Development Kit (x64) Java SE Development Kit 8 Update 231 (64-bit) | Windows |
| Multiple vulnerabilities are affected in Java SE Development Kit Java SE Development Kit 8 Update 231 (64-bit) | Windows |
| Multiple vulnerabilities are affected in Java SE Development Kit (x64) 8.0.2310 | Windows |
| Vulnerabilities CVE-2019-16168,CVE-2021-3450 are fixed in Nessus Agent (8.2.4.20047) | Windows |
| Vulnerabilities CVE-2019-16168,CVE-2021-3450 are fixed in Nessus Agent (x64) (8.2.4.20047) | Windows |
| Multiple vulnerabilities are fixed in Azul Zulu JDK 8 (MSI) 8.44 | Windows |
| Multiple vulnerabilities are fixed in Azul Zulu JDK 8 (MSI) (x64) 8.44 | Windows |
| Multiple vulnerabilities are fixed in Azul Zulu JDK 11 (MSI) (x64) 11.37 | Windows |
| Multiple vulnerabilities are fixed in Azul Zulu JDK 13 13.29 | Windows |
| Vulnerabilities CVE-2019-16168 are affected in MySQL Workbench Enterprise Edition 8.0.18 | Windows |
| Vulnerabilities CVE-2019-16168 are affected in MySQL Workbench CE (x64) 8.0.18 | Windows |
| Vulnerabilities CVE-2018-20843,CVE-2019-15903,CVE-2019-16168,CVE-2021-20099,CVE-2021-20100 are fixed in Nessus 8.15.0 | Windows |
| Vulnerabilities CVE-2018-20843,CVE-2019-15903,CVE-2019-16168,CVE-2021-20099,CVE-2021-20100 are fixed in Tenable Nessus 8.15.0 | Windows |
| Multiple Vulnerabilities are affected in Netapp Active Iq Unified Manager 2.3 | Windows |
| Multiple Vulnerabilities are affected in Netapp Oncommand Insight 2.3 | Windows |
| Multiple Vulnerabilities are affected in Netapp Oncommand Workflow Automation 2.3 | Windows |
| SUSE-SU-2019:2536-1(SUSE Linux Enterprise Desktop 12-SP4 ) libsqlite3-0-3.8.10.2-9.12.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2536-1(SUSE Linux Enterprise Desktop 12-SP4 ) libsqlite3-0-32bit-3.8.10.2-9.12.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2536-1(SUSE Linux Enterprise Desktop 12-SP4 ) libsqlite3-0-debuginfo-3.8.10.2-9.12.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2536-1(SUSE Linux Enterprise Desktop 12-SP4 ) libsqlite3-0-debuginfo-32bit-3.8.10.2-9.12.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2536-1(SUSE Linux Enterprise Desktop 12-SP4 ) sqlite3-3.8.10.2-9.12.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2536-1(SUSE Linux Enterprise Desktop 12-SP4 ) sqlite3-debuginfo-3.8.10.2-9.12.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2536-1(SUSE Linux Enterprise Desktop 12-SP4 ) sqlite3-debugsource-3.8.10.2-9.12.1.x86_64.rpm | Linux |
| C library that implements an SQL database engine (USN-4205-1) sqlite3_3.11.0-1ubuntu1.3_i386.deb | Linux |
| C library that implements an SQL database engine (USN-4205-1) sqlite3_3.11.0-1ubuntu1.3_amd64.deb | Linux |
| C library that implements an SQL database engine (USN-4205-1) sqlite3_3.22.0-1ubuntu0.2_i386.deb | Linux |
| C library that implements an SQL database engine (USN-4205-1) sqlite3_3.22.0-1ubuntu0.2_amd64.deb | Linux |
| C library that implements an SQL database engine (USN-4205-1) sqlite3_3.27.2-2ubuntu0.2_i386.deb | Linux |
| C library that implements an SQL database engine (USN-4205-1) sqlite3_3.27.2-2ubuntu0.2_amd64.deb | Linux |
| C library that implements an SQL database engine (USN-4205-1) sqlite3_3.29.0-2ubuntu0.1_i386.deb | Linux |
| C library that implements an SQL database engine (USN-4205-1) sqlite3_3.29.0-2ubuntu0.1_amd64.deb | Linux |
| C library that implements an SQL database engine (USN-4205-1) libsqlite3-0_3.11.0-1ubuntu1.3_i386.deb | Linux |
| C library that implements an SQL database engine (USN-4205-1) libsqlite3-0_3.11.0-1ubuntu1.3_amd64.deb | Linux |
| C library that implements an SQL database engine (USN-4205-1) libsqlite3-0_3.22.0-1ubuntu0.2_i386.deb | Linux |
| C library that implements an SQL database engine (USN-4205-1) libsqlite3-0_3.22.0-1ubuntu0.2_amd64.deb | Linux |
| C library that implements an SQL database engine (USN-4205-1) libsqlite3-0_3.27.2-2ubuntu0.2_i386.deb | Linux |
| C library that implements an SQL database engine (USN-4205-1) libsqlite3-0_3.27.2-2ubuntu0.2_amd64.deb | Linux |
| C library that implements an SQL database engine (USN-4205-1) libsqlite3-0_3.29.0-2ubuntu0.1_i386.deb | Linux |
| C library that implements an SQL database engine (USN-4205-1) libsqlite3-0_3.29.0-2ubuntu0.1_amd64.deb | Linux |
| (RHSA-2020:4442) sqlite security update lemon-3.26.0-11.el8.x86_64.rpm | Linux |
| (RHSA-2020:4442) sqlite security update sqlite-3.26.0-11.el8.i686.rpm | Linux |
| (RHSA-2020:4442) sqlite security update sqlite-3.26.0-11.el8.x86_64.rpm | Linux |
| (RHSA-2020:4442) sqlite security update sqlite-debugsource-3.26.0-11.el8.i686.rpm | Linux |
| (RHSA-2020:4442) sqlite security update sqlite-debugsource-3.26.0-11.el8.x86_64.rpm | Linux |
| (RHSA-2020:4442) sqlite security update sqlite-devel-3.26.0-11.el8.i686.rpm | Linux |
| (RHSA-2020:4442) sqlite security update sqlite-devel-3.26.0-11.el8.x86_64.rpm | Linux |
| (RHSA-2020:4442) sqlite security update sqlite-doc-3.26.0-11.el8.noarch.rpm | Linux |
| (RHSA-2020:4442) sqlite security update sqlite-libs-3.26.0-11.el8.i686.rpm | Linux |
| (RHSA-2020:4442) sqlite security update sqlite-libs-3.26.0-11.el8.x86_64.rpm | Linux |
| Multiple Vulnerabilities are affected in Mysql 8.0.18 (For Linux) | Linux |
| Multiple Vulnerabilities are affected in Mysql 8.0.5 (For Linux) | Linux |
| Divide By Zero Vulnerability (CVE-2019-16168) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-323264 | Java 8 Update 321 (8.0.3210.7) (JRE) |
| PATCH-323263 | Java 8 Update 321 (64-bit) (8.0.3210.7) (JRE) |
| PATCH-323267 | Java SE Development Kit 8 Update 321 (32-bit) (8.0.3210.7) (JDK) |
| PATCH-323266 | Java SE Development Kit 8 Update 321 (64-bit) (8.0.3210.7) (JDK) |
| PATCH-333701 | Java SE Development Kit 8 Update 391 (64-bit) (8.0.3910.13) (JDK) (Manual Upload Required) |
| PATCH-337447 | Nessus Agent (10.6.1) |
| PATCH-337448 | Nessus Agent (x64) (10.6.1) |
| PATCH-342222 | Azul Zulu JDK 8 (MSI) (8.82.0.21) |
| PATCH-342223 | Azul Zulu JDK 8 (MSI) (x64) (8.82.0.21) |
| PATCH-342218 | Azul Zulu JDK 11 (MSI) (x64) (11.76.21) |
| PATCH-328592 | Azul Zulu JDK 13 (13.54.17) |
| PATCH-347137 | MySQL Workbench CE (x64) (8.0.42) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234