Ubuntu update for SQLite
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2019-5018 CVE-2019-16168 CVE-2019-19242 CVE-2018-8740 CVE-2019-19244 CVE-2019-5827 |
| CWE-ID | CWE-416 CWE-369 CWE-20 CWE-476 CWE-190 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. |
| Vulnerable software Subscribe |
sqlite3 (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Use-after-free
EUVDB-ID: #VU18645
Risk: High
CVSSv3.1: 7.3 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2019-5018
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the window function functionality. A remote attacker can send a specially crafted SQL command to the application, trigger user-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
- Ubuntu 19.10
- libsqlite3-0 - 3.29.0-2ubuntu0.1
- sqlite3 - 3.29.0-2ubuntu0.1
- Ubuntu 19.04
- libsqlite3-0 - 3.27.2-2ubuntu0.2
- sqlite3 - 3.27.2-2ubuntu0.2
- Ubuntu 18.04 LTS
- libsqlite3-0 - 3.22.0-1ubuntu0.2
- sqlite3 - 3.22.0-1ubuntu0.2
- Ubuntu 16.04 LTS
- libsqlite3-0 - 3.11.0-1ubuntu1.3
- sqlite3 - 3.11.0-1ubuntu1.3
- Ubuntu 12.04 ESM
- libsqlite3-0 - 3.7.9-2ubuntu1.4
- sqlite3 - 3.7.9-2ubuntu1.4
sqlite3 (Ubuntu package): 3.11.0-1ubuntu1.1 - 3.27.2-2ubuntu0.1
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Division by zero
EUVDB-ID: #VU23188
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]
CVE-ID: CVE-2019-16168
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a division by zero error within the whereLoopAddBtreeIndex in sqlite3.c due to improper input validation in the sqlite_stat1 sz field. A remote attacker can pass specially crafted data to the application, trigger division by zero error and crash the vulnerable application.
Update the affected packages.
- Ubuntu 19.10
- libsqlite3-0 - 3.29.0-2ubuntu0.1
- sqlite3 - 3.29.0-2ubuntu0.1
- Ubuntu 19.04
- libsqlite3-0 - 3.27.2-2ubuntu0.2
- sqlite3 - 3.27.2-2ubuntu0.2
- Ubuntu 18.04 LTS
- libsqlite3-0 - 3.22.0-1ubuntu0.2
- sqlite3 - 3.22.0-1ubuntu0.2
- Ubuntu 16.04 LTS
- libsqlite3-0 - 3.11.0-1ubuntu1.3
- sqlite3 - 3.11.0-1ubuntu1.3
- Ubuntu 12.04 ESM
- libsqlite3-0 - 3.7.9-2ubuntu1.4
- sqlite3 - 3.7.9-2ubuntu1.4
sqlite3 (Ubuntu package): 3.11.0-1ubuntu1.1 - 3.27.2-2ubuntu0.1
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Input validation error
EUVDB-ID: #VU23189
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-19242
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation within the sqlite3ExprCodeTarget(0 function in expr.c when processing the TK_COLUMN case. A remote attacker can pass specially crafted data to the application and perform a denial of service attack.
Update the affected packages.
- Ubuntu 19.10
- libsqlite3-0 - 3.29.0-2ubuntu0.1
- sqlite3 - 3.29.0-2ubuntu0.1
- Ubuntu 19.04
- libsqlite3-0 - 3.27.2-2ubuntu0.2
- sqlite3 - 3.27.2-2ubuntu0.2
- Ubuntu 18.04 LTS
- libsqlite3-0 - 3.22.0-1ubuntu0.2
- sqlite3 - 3.22.0-1ubuntu0.2
- Ubuntu 16.04 LTS
- libsqlite3-0 - 3.11.0-1ubuntu1.3
- sqlite3 - 3.11.0-1ubuntu1.3
- Ubuntu 12.04 ESM
- libsqlite3-0 - 3.7.9-2ubuntu1.4
- sqlite3 - 3.7.9-2ubuntu1.4
sqlite3 (Ubuntu package): 3.11.0-1ubuntu1.1 - 3.27.2-2ubuntu0.1
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) NULL pointer dereference
EUVDB-ID: #VU11173
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-8740
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.
The weakness exists in the build.c and prepare.c source codes files due to NULL pointer dereference. A remote attacker can cause the service to crash.
Update the affected packages.
- Ubuntu 19.10
- libsqlite3-0 - 3.29.0-2ubuntu0.1
- sqlite3 - 3.29.0-2ubuntu0.1
- Ubuntu 19.04
- libsqlite3-0 - 3.27.2-2ubuntu0.2
- sqlite3 - 3.27.2-2ubuntu0.2
- Ubuntu 18.04 LTS
- libsqlite3-0 - 3.22.0-1ubuntu0.2
- sqlite3 - 3.22.0-1ubuntu0.2
- Ubuntu 16.04 LTS
- libsqlite3-0 - 3.11.0-1ubuntu1.3
- sqlite3 - 3.11.0-1ubuntu1.3
- Ubuntu 12.04 ESM
- libsqlite3-0 - 3.7.9-2ubuntu1.4
- sqlite3 - 3.7.9-2ubuntu1.4
sqlite3 (Ubuntu package): 3.11.0-1ubuntu1.1 - 3.27.2-2ubuntu0.1
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Input validation error
EUVDB-ID: #VU23190
Risk: Low
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-19244
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage in select.c . A remote attacker can crash the affected application using a specially crafted SQL query.
Update the affected packages.
- Ubuntu 19.10
- libsqlite3-0 - 3.29.0-2ubuntu0.1
- sqlite3 - 3.29.0-2ubuntu0.1
- Ubuntu 19.04
- libsqlite3-0 - 3.27.2-2ubuntu0.2
- sqlite3 - 3.27.2-2ubuntu0.2
- Ubuntu 18.04 LTS
- libsqlite3-0 - 3.22.0-1ubuntu0.2
- sqlite3 - 3.22.0-1ubuntu0.2
- Ubuntu 16.04 LTS
- libsqlite3-0 - 3.11.0-1ubuntu1.3
- sqlite3 - 3.11.0-1ubuntu1.3
- Ubuntu 12.04 ESM
- libsqlite3-0 - 3.7.9-2ubuntu1.4
- sqlite3 - 3.7.9-2ubuntu1.4
sqlite3 (Ubuntu package): 3.11.0-1ubuntu1.1 - 3.27.2-2ubuntu0.1
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Integer overflow
EUVDB-ID: #VU23191
Risk: High
CVSSv3.1: 7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-5827
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in SQLite component via WebSQL in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
- Ubuntu 19.10
- libsqlite3-0 - 3.29.0-2ubuntu0.1
- sqlite3 - 3.29.0-2ubuntu0.1
- Ubuntu 19.04
- libsqlite3-0 - 3.27.2-2ubuntu0.2
- sqlite3 - 3.27.2-2ubuntu0.2
- Ubuntu 18.04 LTS
- libsqlite3-0 - 3.22.0-1ubuntu0.2
- sqlite3 - 3.22.0-1ubuntu0.2
- Ubuntu 16.04 LTS
- libsqlite3-0 - 3.11.0-1ubuntu1.3
- sqlite3 - 3.11.0-1ubuntu1.3
- Ubuntu 12.04 ESM
- libsqlite3-0 - 3.7.9-2ubuntu1.4
- sqlite3 - 3.7.9-2ubuntu1.4
sqlite3 (Ubuntu package): 3.11.0-1ubuntu1.1 - 3.27.2-2ubuntu0.1
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
