{"id":"CVE-2019-16168","details":"In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a \"severe division by zero in the query planner.\"","modified":"2026-04-16T04:35:38.861118189Z","published":"2019-09-09T17:15:13.910Z","related":["ALSA-2021:1968","CGA-j835-prq6-xhwx","SUSE-SU-2019:2533-1","SUSE-SU-2019:2536-1","SUSE-SU-2021:3215-1","openSUSE-SU-2019:2298-1","openSUSE-SU-2019:2300-1","openSUSE-SU-2024:11400-1"],"references":[{"type":"WEB","url":"https://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg116312.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00033.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XZARJHJJDBHI7CE5PZEBXS5HKK6HXKW2/"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00032.html"},{"type":"ADVISORY","url":"https://www.tenable.com/security/tns-2021-14"},{"type":"ADVISORY","url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10365"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202003-16"},{"type":"ADVISORY","url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20190926-0003/"},{"type":"ADVISORY","url":"https://www.oracle.com/security-alerts/cpujan2020.html"},{"type":"ADVISORY","url":"https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20200122-0003/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4205-1/"},{"type":"ADVISORY","url":"https://www.tenable.com/security/tns-2021-08"},{"type":"ADVISORY","url":"https://www.tenable.com/security/tns-2021-11"},{"type":"FIX","url":"https://www.sqlite.org/src/timeline?c=98357d8c1263920b"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mysql/mysql-server","events":[{"introduced":"0"},{"last_affected":"527c12ed611f3fe072c3043734319edb2c733099"},{"introduced":"270fd3411e3d671a73ed9725940a30080f59ce6d"},{"last_affected":"91a17cedb1ee880fe7915fb14cfd74c04e8d6588"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"9.0"},{"introduced":"8.0.0"},{"last_affected":"8.0.18"}]}},{"type":"GIT","repo":"https://github.com/sqlite/sqlite","events":[{"introduced":"98ecc1f3f5450757a2f532d49d33aead8d86c1f6"},{"last_affected":"ea7e83b7806773bf6a2c60786ff8f95b218d4622"}],"database_specific":{"versions":[{"introduced":"3.8.5"},{"last_affected":"3.29.0"}]}}],"versions":["mysql-3.23.22-beta","mysql-3.23.28-gamma","mysql-3.23.30-gamma","mysql-3.23.31","mysql-3.23.32","mysql-3.23.33","mysql-3.23.36","mysql-4.0.2","mysql-4.0.4","mysql-5.1.4","mysql-8.0.18","mysql-9.0.0","mysql-9.0.0-release","mysql-cluster-8.0.18","mysql-cluster-9.0.0","version-3.10.0","version-3.11.0","version-3.12.0","version-3.13.0","version-3.14.0","version-3.15.0","version-3.16.0","version-3.22.0","version-3.23.0","version-3.23.1","version-3.24.0","version-3.25.0","version-3.26.0","version-3.27.0","version-3.28.0","version-3.29.0","version-3.8.10","version-3.8.10.1","version-3.8.11","version-3.8.11.1","version-3.8.5","version-3.8.6","version-3.8.7","version-3.8.8","version-3.8.9","version-3.9.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-16168.json","unresolved_ranges":[{"events":[{"introduced":"7.3"}]},{"events":[{"introduced":"9.5"}]},{"events":[{"introduced":"11.0.0"},{"last_affected":"11.60.3"}]},{"events":[{"introduced":"0"},{"last_affected":"12.04"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"19.04"}]},{"events":[{"introduced":"0"},{"last_affected":"19.10"}]},{"events":[{"introduced":"0"},{"last_affected":"30"}]},{"events":[{"introduced":"0"},{"last_affected":"8.2.3"}]},{"events":[{"introduced":"0"},{"last_affected":"7.3.4.3.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.3.5.5.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.4.0.4.0"}]},{"events":[{"introduced":"0"},{"last_affected":"1.8.0-update231"}]},{"events":[{"introduced":"0"},{"last_affected":"1.8.0-update231"}]},{"events":[{"introduced":"0"},{"last_affected":"8.5.4"}]},{"events":[{"introduced":"0"},{"last_affected":"11"}]},{"events":[{"introduced":"0"},{"last_affected":"8.8"}]},{"events":[{"introduced":"0"},{"fixed":"6.5.1"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}