#VU18574 Heap-based buffer overflow in SQLite
Vulnerability identifier: #VU18574
Vulnerability risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-122
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
SQLite
Server applications /
Database software
Vendor: SQLite
Description
The vulnerability allows a local user to crash the application or gain access to sensitive data.
The vulnerability exists due to a boundary error in the getNodeSize() function in ext/rtree/rtree.c when handling undersized RTree blobs. A local user can supply a specially crafted database to the affected application, trigger heap-based out of bounds read and crash the application or gain access to sensitive data.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
SQLite: 3.19.0 - 3.19.3
External links
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html
http://marc.info/?l=sqlite-users&m=149933696214713&w=2
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.securityfocus.com/bid/99502
http://www.securitytracker.com/id/1039427
http://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405
http://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937
http://lists.debian.org/debian-lts-announce/2019/01/msg00009.html
http://sqlite.org/src/info/66de6f4a
http://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26
http://support.apple.com/HT208112
http://support.apple.com/HT208113
http://support.apple.com/HT208115
http://support.apple.com/HT208144
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
