View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2019-9936 severity low: SUSE including 413 source package names (0.1.0:libsqlite3-0-3.28.0-3.6.1, 0.1.75:libsqlite3-0-3.28.0-3.6.1, …), 1018 product×package rows across 530 product lines (Container bci/bci-init, Container bci/bci-sle15-kernel-module-devel, … (530 product lines)): Fixed 699, Known Not Affected 162, Known Affected 157.
In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.