CVE-2018-20505
Published: 3 April 2019
SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).
Priority
Status
Package | Release | Status |
---|---|---|
sqlite3 (Launchpad, Ubuntu, Debian) | upstream | Released (3.25.3-1) |
sqlite3 | trusty | Not vulnerable (code not present) |
sqlite3 | xenial | Not vulnerable (code not present) |
sqlite3 | bionic | Released (3.22.0-1ubuntu0.1) |
sqlite3 | cosmic | Released (3.24.0-1ubuntu0.1) |
sqlite3 | disco | Not vulnerable (3.27.2-1) |

Patches: upstream: https://sqlite.org/src/vpatch?from=caebf8792576752d&to=1309c84ad36b6ac6
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.5 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20505
- https://sqlite.org/src/info/1a84668dcfdebaf12415d
- http://seclists.org/fulldisclosure/2019/Jan/62
- http://seclists.org/fulldisclosure/2019/Jan/64
- http://seclists.org/fulldisclosure/2019/Jan/66
- http://seclists.org/fulldisclosure/2019/Jan/67
- http://seclists.org/fulldisclosure/2019/Jan/68
- http://seclists.org/fulldisclosure/2019/Jan/69
- https://seclists.org/bugtraq/2019/Jan/28
- https://seclists.org/bugtraq/2019/Jan/29
- https://seclists.org/bugtraq/2019/Jan/31
- https://seclists.org/bugtraq/2019/Jan/32
- https://seclists.org/bugtraq/2019/Jan/33
- https://seclists.org/bugtraq/2019/Jan/39
- https://support.apple.com/kb/HT209443
- https://support.apple.com/kb/HT209446
- https://support.apple.com/kb/HT209447
- https://support.apple.com/kb/HT209448
- https://support.apple.com/kb/HT209450
- https://support.apple.com/kb/HT209451
- https://ubuntu.com/security/notices/USN-4019-1
- NVD
- Launchpad
- Debian