Ubuntu update for SQLite



| Updated: 2021-06-20
Risk High
Patch available YES
Number of vulnerabilities 6
CVE-ID CVE-2019-5018
CVE-2019-16168
CVE-2019-19242
CVE-2018-8740
CVE-2019-19244
CVE-2019-5827
CWE-ID CWE-416
CWE-369
CWE-20
CWE-476
CWE-190
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Public exploit code for vulnerability #2 is available.
Vulnerable software
 sqlite3 (Ubuntu package)
Operating systems & Components / Operating system package or component

Vendor Canonical Ltd.

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Use-after-free

EUVDB-ID: #VU18645

Risk: High

CVSSv4.0: 8.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]

CVE-ID: CVE-2019-5018

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the window function functionality. A remote attacker can send a specially crafted SQL command to the application, trigger user-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.

Ubuntu 19.10
libsqlite3-0 - 3.29.0-2ubuntu0.1
sqlite3 - 3.29.0-2ubuntu0.1
Ubuntu 19.04
libsqlite3-0 - 3.27.2-2ubuntu0.2
sqlite3 - 3.27.2-2ubuntu0.2
Ubuntu 18.04 LTS
libsqlite3-0 - 3.22.0-1ubuntu0.2
sqlite3 - 3.22.0-1ubuntu0.2
Ubuntu 16.04 LTS
libsqlite3-0 - 3.11.0-1ubuntu1.3
sqlite3 - 3.11.0-1ubuntu1.3
Ubuntu 12.04 ESM
libsqlite3-0 - 3.7.9-2ubuntu1.4
sqlite3 - 3.7.9-2ubuntu1.4

Vulnerable software versions

sqlite3 (Ubuntu package): 3.11.0-1ubuntu1.1 - 3.27.2-2ubuntu0.1

CPE2.3 External links

https://usn.ubuntu.com/4205-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Division by zero

EUVDB-ID: #VU23188

Risk: Low

CVSSv4.0: 2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2019-16168

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to a division by zero error within the whereLoopAddBtreeIndex in sqlite3.c due to improper input validation in the sqlite_stat1 sz field. A remote attacker can pass specially crafted data to the application, trigger division by zero error and crash the vulnerable application.

Mitigation

Update the affected packages.

Ubuntu 19.10
libsqlite3-0 - 3.29.0-2ubuntu0.1
sqlite3 - 3.29.0-2ubuntu0.1
Ubuntu 19.04
libsqlite3-0 - 3.27.2-2ubuntu0.2
sqlite3 - 3.27.2-2ubuntu0.2
Ubuntu 18.04 LTS
libsqlite3-0 - 3.22.0-1ubuntu0.2
sqlite3 - 3.22.0-1ubuntu0.2
Ubuntu 16.04 LTS
libsqlite3-0 - 3.11.0-1ubuntu1.3
sqlite3 - 3.11.0-1ubuntu1.3
Ubuntu 12.04 ESM
libsqlite3-0 - 3.7.9-2ubuntu1.4
sqlite3 - 3.7.9-2ubuntu1.4

Vulnerable software versions

sqlite3 (Ubuntu package): 3.11.0-1ubuntu1.1 - 3.27.2-2ubuntu0.1

CPE2.3 External links

https://usn.ubuntu.com/4205-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

3) Input validation error

EUVDB-ID: #VU23189

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-19242

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation within the sqlite3ExprCodeTarget(0 function in expr.c when processing the TK_COLUMN case. A remote attacker can pass specially crafted data to the application and perform a denial of service attack.

Mitigation

Update the affected packages.

Ubuntu 19.10
libsqlite3-0 - 3.29.0-2ubuntu0.1
sqlite3 - 3.29.0-2ubuntu0.1
Ubuntu 19.04
libsqlite3-0 - 3.27.2-2ubuntu0.2
sqlite3 - 3.27.2-2ubuntu0.2
Ubuntu 18.04 LTS
libsqlite3-0 - 3.22.0-1ubuntu0.2
sqlite3 - 3.22.0-1ubuntu0.2
Ubuntu 16.04 LTS
libsqlite3-0 - 3.11.0-1ubuntu1.3
sqlite3 - 3.11.0-1ubuntu1.3
Ubuntu 12.04 ESM
libsqlite3-0 - 3.7.9-2ubuntu1.4
sqlite3 - 3.7.9-2ubuntu1.4

Vulnerable software versions

sqlite3 (Ubuntu package): 3.11.0-1ubuntu1.1 - 3.27.2-2ubuntu0.1

CPE2.3 External links

https://usn.ubuntu.com/4205-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) NULL pointer dereference

EUVDB-ID: #VU11173

Risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-8740

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the build.c and prepare.c source codes files due to NULL pointer dereference. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages.

Ubuntu 19.10
libsqlite3-0 - 3.29.0-2ubuntu0.1
sqlite3 - 3.29.0-2ubuntu0.1
Ubuntu 19.04
libsqlite3-0 - 3.27.2-2ubuntu0.2
sqlite3 - 3.27.2-2ubuntu0.2
Ubuntu 18.04 LTS
libsqlite3-0 - 3.22.0-1ubuntu0.2
sqlite3 - 3.22.0-1ubuntu0.2
Ubuntu 16.04 LTS
libsqlite3-0 - 3.11.0-1ubuntu1.3
sqlite3 - 3.11.0-1ubuntu1.3
Ubuntu 12.04 ESM
libsqlite3-0 - 3.7.9-2ubuntu1.4
sqlite3 - 3.7.9-2ubuntu1.4

Vulnerable software versions

sqlite3 (Ubuntu package): 3.11.0-1ubuntu1.1 - 3.27.2-2ubuntu0.1

CPE2.3 External links

https://usn.ubuntu.com/4205-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Input validation error

EUVDB-ID: #VU23190

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-19244

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage in select.c . A remote attacker can crash the affected application using a specially crafted SQL query.

Mitigation

Update the affected packages.

Ubuntu 19.10
libsqlite3-0 - 3.29.0-2ubuntu0.1
sqlite3 - 3.29.0-2ubuntu0.1
Ubuntu 19.04
libsqlite3-0 - 3.27.2-2ubuntu0.2
sqlite3 - 3.27.2-2ubuntu0.2
Ubuntu 18.04 LTS
libsqlite3-0 - 3.22.0-1ubuntu0.2
sqlite3 - 3.22.0-1ubuntu0.2
Ubuntu 16.04 LTS
libsqlite3-0 - 3.11.0-1ubuntu1.3
sqlite3 - 3.11.0-1ubuntu1.3
Ubuntu 12.04 ESM
libsqlite3-0 - 3.7.9-2ubuntu1.4
sqlite3 - 3.7.9-2ubuntu1.4

Vulnerable software versions

sqlite3 (Ubuntu package): 3.11.0-1ubuntu1.1 - 3.27.2-2ubuntu0.1

CPE2.3 External links

https://usn.ubuntu.com/4205-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Integer overflow

EUVDB-ID: #VU23191

Risk: High

CVSSv4.0: 5.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2019-5827

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in SQLite component via WebSQL in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected packages.

Ubuntu 19.10
libsqlite3-0 - 3.29.0-2ubuntu0.1
sqlite3 - 3.29.0-2ubuntu0.1
Ubuntu 19.04
libsqlite3-0 - 3.27.2-2ubuntu0.2
sqlite3 - 3.27.2-2ubuntu0.2
Ubuntu 18.04 LTS
libsqlite3-0 - 3.22.0-1ubuntu0.2
sqlite3 - 3.22.0-1ubuntu0.2
Ubuntu 16.04 LTS
libsqlite3-0 - 3.11.0-1ubuntu1.3
sqlite3 - 3.11.0-1ubuntu1.3
Ubuntu 12.04 ESM
libsqlite3-0 - 3.7.9-2ubuntu1.4
sqlite3 - 3.7.9-2ubuntu1.4

Vulnerable software versions

sqlite3 (Ubuntu package): 3.11.0-1ubuntu1.1 - 3.27.2-2ubuntu0.1

CPE2.3 External links

https://usn.ubuntu.com/4205-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###