CVE-2018-20505

Published: 03 April 2019

SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).

Priority

Low

CVSS 3 base score: 7.5

Status

Package: sqlite3 (Launchpad, Ubuntu, Debian)
Release status:
Upstream: Released (3.25.3-1)
Ubuntu 18.04 LTS (Bionic Beaver): Released (3.22.0-1ubuntu0.1)
Ubuntu 16.04 LTS (Xenial Xerus): Not vulnerable (code not present)
Ubuntu 14.04 ESM (Trusty Tahr): Not vulnerable (code not present)

Patches:
Upstream: https://sqlite.org/src/vpatch?from=caebf8792576752d&to=1309c84ad36b6ac6