CVE-2017-7000

Published: 03 April 2018

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

Priority

Medium

CVSS 3 base score: 8.8

Status

Package Release Status
chromium-browser
Upstream Released (60.0.3112.78)
Ubuntu 18.04 LTS (Bionic Beaver) Released (61.0.3163.100-0ubuntu1.1378)
Ubuntu 16.04 ESM (Xenial Xerus) Released (61.0.3163.100-0ubuntu0.16.04.1306)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist (trusty was released [61.0.3163.100-0ubuntu0.14.04.1202])
Patches:
Upstream: https://chromium.googlesource.com/chromium/src.git/+/3bfe67c9c4b45eb713326aae7a67c8f7390dae08
oxide-qt
Upstream Needs triage
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist
Ubuntu 16.04 ESM (Xenial Xerus) Ignored (Ubuntu touch end-of-life)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist (trusty was ignored [Ubuntu touch end-of-life])
sqlite
Upstream Released (3.20.0)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable

sqlite3
Upstream Released (3.20.0)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable (3.22.0-1)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
Patches:
Upstream: https://www.sqlite.org/src/info/d6a44b352d432d52

Notes

Author: mdeslaur
Note: The fix for this issue was to introduce a new API in sqlite. This flaw is in chromium-browser, not in sqlite itself.
