Bug 1131560 – VUL-1: CVE-2018-20505: sqlite3: SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause DOS

Bug 1131560 - (CVE-2018-20505) VUL-1: CVE-2018-20505: sqlite3: SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause DOS

(CVE-2018-20505)
Summary:	VUL-1: CVE-2018-20505: sqlite3: SQLite 3.25.2, when queries are run on a tabl...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P5 - None Severity: Minor
Target Milestone:	---
Assigned To:	Reinhard Max
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/228738/
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2019-04-04 13:15 UTC by Alexandros Toptsoglou
Modified:	2019-04-04 14:46 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexandros Toptsoglou 2019-04-04 13:15:39 UTC

CVE-2018-20505

SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY,
allows remote attackers to cause a denial of service (application crash) by
leveraging the ability to run arbitrary SQL statements (such as in certain
WebSQL use cases).

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20505
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20505
https://support.apple.com/kb/HT209448
https://support.apple.com/kb/HT209447
https://support.apple.com/kb/HT209446
https://support.apple.com/kb/HT209443
https://sqlite.org/src/info/1a84668dcfdebaf12415d
https://seclists.org/bugtraq/2019/Jan/39
https://seclists.org/bugtraq/2019/Jan/33
https://seclists.org/bugtraq/2019/Jan/32
https://seclists.org/bugtraq/2019/Jan/31
https://support.apple.com/kb/HT209451
https://seclists.org/bugtraq/2019/Jan/28
http://www.securityfocus.com/bid/106698
http://seclists.org/fulldisclosure/2019/Jan/69
http://seclists.org/fulldisclosure/2019/Jan/68
http://seclists.org/fulldisclosure/2019/Jan/67
http://seclists.org/fulldisclosure/2019/Jan/66
http://seclists.org/fulldisclosure/2019/Jan/64
http://seclists.org/fulldisclosure/2019/Jan/62
https://seclists.org/bugtraq/2019/Jan/29
https://support.apple.com/kb/HT209450

Comment 1 Alexandros Toptsoglou 2019-04-04 13:29:21 UTC

After code review it was found that none of our codestreams is affected.
Going through the version changes it seems that this vulnerability introduced in version 3.22.0 and fixed in version 3.26.0. The fix was also back-ported in version 3.25.3.

Regarding our codestreams: 
SLE15 ships an already fixed version of sqlite3
All the other codestreams are older and are not affected. 

Regarding openSUSE: 

TW ships an already fixed version 
LEAP 15 is currently vulnerable but an update will be soon published (release request has already been created [1])
LEAP 42.3 is not affected


[1] https://build.opensuse.org/request/show/689425