Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2019-16168

Divide By Zero

Published: Sep 09, 2019 | Modified: Nov 21, 2024
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
6.5 MODERATE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Ubuntu
LOW
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2019-16168
CWEhttps://cwe.mitre.org/data/definitions/369.html

In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a severe division by zero in the query planner.

Weakness

The product divides a value by zero.

Affected Software

Name Vendor Start Version End Version
Sqlite Sqlite 3.8.5 (including) 3.29.0 (including)
Sqlite3 Ubuntu bionic *
Sqlite3 Ubuntu disco *
Sqlite3 Ubuntu trusty *
Sqlite3 Ubuntu upstream *
Sqlite3 Ubuntu xenial *
Red Hat Enterprise Linux 8 RedHat sqlite-0:3.26.0-11.el8 *
Red Hat Enterprise Linux 8 RedHat mingw-binutils-0:2.30-3.el8 *
Red Hat Enterprise Linux 8 RedHat mingw-bzip2-0:1.0.6-14.el8 *
Red Hat Enterprise Linux 8 RedHat mingw-filesystem-0:104-2.el8 *
Red Hat Enterprise Linux 8 RedHat mingw-sqlite-0:3.26.0.0-1.el8 *
Red Hat Enterprise Linux 8 RedHat sqlite-0:3.26.0-11.el8 *

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2025 Aqua Security Software Ltd.   Privacy Policy | Terms of Use