Bug 1131560 - (CVE-2018-20505) VUL-1: CVE-2018-20505: sqlite3: SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause DOS
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P5 - None; Severity: Minor
Assigned To: Reinhard Max
Security Team bot
Reported: 2019-04-04 13:15 UTC by Alexandros Toptsoglou
Modified: 2019-04-04 14:46 UTC

Found By: Security Response Team
Comment 1 Alexandros Toptsoglou 2019-04-04 13:29:21 UTC
After code review it was found that none of our codestreams is affected.
Going through the version changes, it seems that this vulnerability was introduced in version 3.22.0 and fixed in version 3.26.0. The fix was also back-ported in version 3.25.3.

Regarding our codestreams: 
SLE15 ships an already fixed version of sqlite3
All the other codestreams are older and are not affected. 

Regarding openSUSE: 

TW ships an already fixed version 
LEAP 15 is currently vulnerable but an update will soon be published (release request has already been created [1])
LEAP 42.3 is not affected

[1] https://build.opensuse.org/request/show/689425