DEBIAN:DLA-1633-1:7A683
Jan 11, 2019 - 6:48 p.m.

[SECURITY] [DLA 1633-1] sqlite3 security update

2019-01-11 18:48:51
lists.debian.org

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.011 Low
Percentile: 84.6%

Package : sqlite3
Version : 3.8.7.1-1+deb8u4
CVE ID : CVE-2017-2518 CVE-2017-2519 CVE-2017-2520
CVE-2017-10989 CVE-2018-8740
Debian Bug : 867618 893195

Several flaws were corrected in SQLite, an SQL database engine.

CVE-2017-2518

A use-after-free bug in the query optimizer may cause a
buffer overflow and application crash via a crafted SQL statement.

CVE-2017-2519

Insufficient size of the reference count on Table objects
could lead to a denial-of-service or arbitrary code execution.

CVE-2017-2520

The sqlite3_value_text() interface returned a buffer that was not
large enough to hold the complete string plus zero terminator when
the input was a zeroblob. This could lead to arbitrary code
execution or a denial-of-service.

CVE-2017-10989

SQLite mishandles undersized RTree blobs in a crafted database
leading to a heap-based buffer over-read or possibly unspecified
other impact.

CVE-2018-8740

Databases whose schema is corrupted using a CREATE TABLE AS
statement could cause a NULL pointer dereference.

For Debian 8 "Jessie", these problems have been fixed in version
3.8.7.1-1+deb8u4.

We recommend that you upgrade your sqlite3 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
