Bugzilla – Bug 1131560
VUL-1: CVE-2018-20505: sqlite3: SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause DOS
Last modified: 2019-04-04 14:46:42 UTC
SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY,
allows remote attackers to cause a denial of service (application crash) by
leveraging the ability to run arbitrary SQL statements (such as in certain
WebSQL use cases).
After code review it was found that none of our codestreams is affected.
Going through the version changes, it seems that this vulnerability was introduced in version 3.22.0 and fixed in version 3.26.0. The fix was also back-ported in version 3.25.3.
Regarding our codestreams:
SLE15 ships an already fixed version of sqlite3
All the other codestreams are older and are not affected.
TW ships an already fixed version
LEAP 15 is currently vulnerable but an update will soon be published (a release request has already been created)
LEAP 42.3 is not affected