CVE-2019-16168

CVE-2019-16168

Naumowicz, Ken E
Hello,

I need to know if there is a security patch for this CVE on Windows Server 2012:

Java SE Vulnerability CVE-2019-16168 Related to JavaFX (SQLite)   <<<=== https://www.symantec.com/security-center/vulnerabilities/writeup/111496
   > NO UPDATE/PATCH FOUND at SQLite - SQLite Homepage (https://www.sqlite.org/)

Thanks...

Ken Naumowicz
Sr. IT Application Consultant - EMS/SCADA Application Design and Engineering
WEC Energy Group - WEC Business Services (WBS)
office: 262-544-7239
email: [hidden email]


_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users

Re: CVE-2019-16168

Richard Hipp-3
On 1/24/20, Naumowicz, Ken E <[hidden email]> wrote:

> Hello,
>
> I need to know if there is a security patch for this CVE on Windows Server
> 2012:
>
> Java SE Vulnerability CVE-2019-16168 Related to JavaFX (SQLite)   <<<===
> https://www.symantec.com/security-center/vulnerabilities/writeup/111496
>    > NO UPDATE/PATCH FOUND at SQLite - SQLite Homepage
> (https://www.sqlite.org/)
>

I think this CVE must be referring to a bug that allows an attacker to
cause a divide-by-zero by modifying the schema and then injecting an
SQL query of their own choosing.  If so, that bug has been fixed in
the latest release.  In fact, all known bugs have been fixed in the
latest release.

On the other hand, I don't know of any mechanism on Windows Server
2012 by which an attacker can modify the schema of an SQLite database
and then inject arbitrary SQL.  So it is not clear to me that this is
really a vulnerability.

--
D. Richard Hipp
[hidden email]
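
The precondition named in the reply above (an attacker who can modify the schema and then run SQL of their own choosing) can be narrowed at the application layer with an SQLite authorizer callback. This is an added example, not part of the original thread or of SQLite's own code; the function names and the sample table `t` are hypothetical and the data is constructed.

```python
import sqlite3

# Actions an untrusted statement may perform. Everything else is denied,
# which covers CREATE/DROP/ALTER, PRAGMA (incl. writable_schema), ATTACH, ANALYZE.
ALLOWED = {
    sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ, sqlite3.SQLITE_FUNCTION,
    sqlite3.SQLITE_TRANSACTION,
    sqlite3.SQLITE_INSERT, sqlite3.SQLITE_UPDATE, sqlite3.SQLITE_DELETE,
}
WRITES = {sqlite3.SQLITE_INSERT, sqlite3.SQLITE_UPDATE, sqlite3.SQLITE_DELETE}


def authorizer(action, arg1, arg2, dbname, source):
    """Allowlist authorizer: ordinary reads and writes only."""
    if action not in ALLOWED:
        return sqlite3.SQLITE_DENY
    # For write actions arg1 is the table name. Block internal tables:
    # the schema table and the sqlite_stat* query-planner statistics.
    if action in WRITES and (arg1 or "").lower().startswith("sqlite_"):
        return sqlite3.SQLITE_DENY
    return sqlite3.SQLITE_OK


def open_restricted(path=":memory:"):
    """Build the schema with trusted code, then lock the connection down."""
    conn = sqlite3.connect(path)
    # Constructed sample schema and rows (assumption, for illustration only).
    conn.executescript(
        "CREATE TABLE t(a INTEGER, b TEXT); CREATE INDEX t_a ON t(a);"
        "INSERT INTO t VALUES (1, 'x'), (2, 'y'); ANALYZE;"
    )
    conn.set_authorizer(authorizer)
    return conn


def is_allowed(conn, sql):
    """Return True if the statement passes the authorizer and runs."""
    try:
        conn.execute(sql).fetchall()
        return True
    except sqlite3.DatabaseError:  # a denied statement fails as "not authorized"
        return False
```

The authorizer restricts what injected SQL can reach on this connection; it does not replace updating the SQLite library to a release that contains the fix.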