Description

In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.

Remediation

References

CVE-2019-9936

Related Vulnerabilities

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13761)

TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-3529)

WordPress Plugin Visitor Traffic Real Time Statistics Unspecified Vulnerability (2.13)

WordPress Plugin WPML (WordPress Multilingual) Cross-Site Scripting (3.6.3)

Microsoft SQL Server Permissions, Privileges, and Access Controls Vulnerability (CVE-2003-0230)

Severity

High

Classification

CVE-2019-9936 CWE-125 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities