CVE-2018-20505
Published: 03 April 2019
SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).
Priority
CVSS 3 base score: 7.5
Status
Package | Release | Status |
---|---|---|
sqlite3 (Launchpad, Ubuntu, Debian) | Upstream | Released (3.25.3-1) |
 | Ubuntu 18.04 LTS (Bionic Beaver) | Released (3.22.0-1ubuntu0.1) |
 | Ubuntu 16.04 LTS (Xenial Xerus) | Not vulnerable (code not present) |
 | Ubuntu 14.04 ESM (Trusty Tahr) | Not vulnerable (code not present) |

Patches: Upstream: https://sqlite.org/src/vpatch?from=caebf8792576752d&to=1309c84ad36b6ac6
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20505
- https://sqlite.org/src/info/1a84668dcfdebaf12415d
- http://seclists.org/fulldisclosure/2019/Jan/62
- http://seclists.org/fulldisclosure/2019/Jan/64
- http://seclists.org/fulldisclosure/2019/Jan/66
- http://seclists.org/fulldisclosure/2019/Jan/67
- http://seclists.org/fulldisclosure/2019/Jan/68
- http://seclists.org/fulldisclosure/2019/Jan/69
- https://seclists.org/bugtraq/2019/Jan/28
- https://seclists.org/bugtraq/2019/Jan/29
- https://seclists.org/bugtraq/2019/Jan/31
- https://seclists.org/bugtraq/2019/Jan/32
- https://seclists.org/bugtraq/2019/Jan/33
- https://seclists.org/bugtraq/2019/Jan/39
- https://support.apple.com/kb/HT209443
- https://support.apple.com/kb/HT209446
- https://support.apple.com/kb/HT209447
- https://support.apple.com/kb/HT209448
- https://support.apple.com/kb/HT209450
- https://support.apple.com/kb/HT209451
- https://usn.ubuntu.com/usn/usn-4019-1
- NVD
- Launchpad
- Debian