Debian: DLA-2340-1 Critical: sqlite3 Buffer Overflow Threat
debian lts
August 22, 2020
Several vulnerabilities have been discovered in sqlite3, a C library that implements an SQL database engine
Topics Covered
Summary
Databases whose schema is corrupted using a CREATE TABLE AS statement
could cause a NULL pointer dereference.
CVE-2018-20346
When the FTS3 extension is enabled, sqlite3 encounters an integer
overflow (and resultant buffer overflow) for FTS3 queries that occur
after crafted changes to FTS3 shadow tables, allowing remote
attackers to execute arbitrary code by leveraging the ability to run
arbitrary SQL statements.
CVE-2018-20506
When the FTS3 extension is enabled, sqlite3 encounters an integer
overflow (and resultant buffer overflow) for FTS3 queries in a
"merge" operation that occurs after crafted changes to FTS3 shadow
tables, allowing remote attackers to execute arbitrary code by
leveraging the ability to run arbitrary SQL statements
CVE-2019-5827
Integer overflow allowed a remote attacker to potentially exploit
heap corruption via a crafted HTML page, primarily impacting
chromium.
CVE-2019-9936
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
-------------------------------------------------------------------------Package: sqlite3
Version: 3.16.2-5+deb9u2
CVE ID: CVE-2018-8740 CVE-2018-20346 CVE-2018-20506 CVE-2019-5827
Debian Bug:
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!