Action not permitted
Modal body text goes here.
Modal Title
Modal Body
usn-4019-2
Vulnerability from osv_ubuntu
USN-4019-1 fixed several vulnerabilities in sqlite3. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM.
Original advisory details:
It was discovered that SQLite incorrectly handled certain SQL files. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. (CVE-2017-2518)
It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-20346, CVE-2018-20506)
It was discovered that SQLite incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information. (CVE-2019-8457)
It was discovered that SQLite incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. (CVE-2016-6153)
It was discovered that SQLite incorrectly handled certain databases. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 14.04 LTS. (CVE-2017-10989)
It was discovered that SQLite incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-13685)
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2016-6153",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "negligible",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-2518",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-10989",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "negligible",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-13685",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "negligible",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2018-20346",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2018-20506",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2019-8457",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:14.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "lemon",
"binary_version": "3.8.2-1ubuntu2.2+esm1"
},
{
"binary_name": "libsqlite3-0",
"binary_version": "3.8.2-1ubuntu2.2+esm1"
},
{
"binary_name": "libsqlite3-tcl",
"binary_version": "3.8.2-1ubuntu2.2+esm1"
},
{
"binary_name": "sqlite3",
"binary_version": "3.8.2-1ubuntu2.2+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "sqlite3",
"purl": "pkg:deb/ubuntu/sqlite3@3.8.2-1ubuntu2.2+esm1?arch=source\u0026distro=trusty/esm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.8.2-1ubuntu2.2+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.7.17-1ubuntu1",
"3.8.0.2-1ubuntu1",
"3.8.1-1ubuntu1",
"3.8.1-1ubuntu3",
"3.8.2-1ubuntu1",
"3.8.2-1ubuntu2",
"3.8.2-1ubuntu2.1",
"3.8.2-1ubuntu2.2"
]
}
],
"aliases": [],
"details": "USN-4019-1 fixed several vulnerabilities in sqlite3. This update provides\nthe corresponding update for Ubuntu 12.04 ESM and 14.04 ESM.\n\nOriginal advisory details:\n\n It was discovered that SQLite incorrectly handled certain SQL files.\n An attacker could possibly use this issue to execute arbitrary code\n or cause a denial of service. (CVE-2017-2518)\n\n It was discovered that SQLite incorrectly handled certain queries.\n An attacker could possibly use this issue to execute arbitrary code.\n (CVE-2018-20346, CVE-2018-20506)\n\n It was discovered that SQLite incorrectly handled certain inputs.\n An attacker could possibly use this issue to access sensitive information.\n (CVE-2019-8457)\n\n It was discovered that SQLite incorrectly handled certain inputs.\n An attacker could possibly use this issue to cause a denial of service.\n (CVE-2016-6153)\n\n It was discovered that SQLite incorrectly handled certain databases.\n An attacker could possibly use this issue to access sensitive information.\n This issue only affected Ubuntu 14.04 LTS. (CVE-2017-10989)\n\n It was discovered that SQLite incorrectly handled certain files.\n An attacker could possibly use this issue to cause a denial of service.\n (CVE-2017-13685)\n",
"id": "USN-4019-2",
"modified": "2026-04-27T14:11:24Z",
"published": "2019-06-19T17:21:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4019-2"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-6153"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2017-2518"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2017-10989"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2017-13685"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2018-20346"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2018-20506"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2019-8457"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "sqlite3 vulnerabilities",
"upstream": [
"UBUNTU-CVE-2016-6153",
"UBUNTU-CVE-2017-2518",
"UBUNTU-CVE-2017-10989",
"UBUNTU-CVE-2017-13685",
"UBUNTU-CVE-2018-20346",
"UBUNTU-CVE-2018-20506",
"UBUNTU-CVE-2019-8457"
]
}
ubuntu-cve-2016-6153
Vulnerability from osv_ubuntu
os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.
| URL | Type | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "lemon",
"binary_version": "3.8.2-1ubuntu2.2+esm1"
},
{
"binary_name": "libsqlite3-0",
"binary_version": "3.8.2-1ubuntu2.2+esm1"
},
{
"binary_name": "libsqlite3-tcl",
"binary_version": "3.8.2-1ubuntu2.2+esm1"
},
{
"binary_name": "sqlite3",
"binary_version": "3.8.2-1ubuntu2.2+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "sqlite3",
"purl": "pkg:deb/ubuntu/sqlite3@3.8.2-1ubuntu2.2+esm1?arch=source\u0026distro=trusty/esm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.8.2-1ubuntu2.2+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.7.17-1ubuntu1",
"3.8.0.2-1ubuntu1",
"3.8.1-1ubuntu1",
"3.8.1-1ubuntu3",
"3.8.2-1ubuntu1",
"3.8.2-1ubuntu2",
"3.8.2-1ubuntu2.1",
"3.8.2-1ubuntu2.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "lemon",
"binary_version": "3.11.0-1ubuntu1.2"
},
{
"binary_name": "libsqlite3-0",
"binary_version": "3.11.0-1ubuntu1.2"
},
{
"binary_name": "libsqlite3-tcl",
"binary_version": "3.11.0-1ubuntu1.2"
},
{
"binary_name": "sqlite3",
"binary_version": "3.11.0-1ubuntu1.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "sqlite3",
"purl": "pkg:deb/ubuntu/sqlite3@3.11.0-1ubuntu1.2?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.11.0-1ubuntu1.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.8.11.1-1",
"3.9.1-2",
"3.9.2-1",
"3.10.0-1",
"3.10.1-1",
"3.10.2-1",
"3.11.0-1ubuntu1",
"3.11.0-1ubuntu1.1"
]
}
],
"aliases": [],
"details": "os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.",
"id": "UBUNTU-CVE-2016-6153",
"modified": "2026-04-22T07:38:01Z",
"published": "2016-09-26T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-6153"
},
{
"type": "REPORT",
"url": "https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt"
},
{
"type": "REPORT",
"url": "https://www.sqlite.org/releaselog/3_13_0.html"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4019-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4019-2"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6153"
}
],
"related": [
"USN-4019-1",
"USN-4019-2"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "negligible",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2016-6153"
]
}
ubuntu-cve-2017-10989
Vulnerability from osv_ubuntu
The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.
{
"affected": [
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "lemon",
"binary_version": "3.8.2-1ubuntu2.2+esm1"
},
{
"binary_name": "libsqlite3-0",
"binary_version": "3.8.2-1ubuntu2.2+esm1"
},
{
"binary_name": "libsqlite3-tcl",
"binary_version": "3.8.2-1ubuntu2.2+esm1"
},
{
"binary_name": "sqlite3",
"binary_version": "3.8.2-1ubuntu2.2+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "sqlite3",
"purl": "pkg:deb/ubuntu/sqlite3@3.8.2-1ubuntu2.2+esm1?arch=source\u0026distro=trusty/esm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.8.2-1ubuntu2.2+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.7.17-1ubuntu1",
"3.8.0.2-1ubuntu1",
"3.8.1-1ubuntu1",
"3.8.1-1ubuntu3",
"3.8.2-1ubuntu1",
"3.8.2-1ubuntu2",
"3.8.2-1ubuntu2.1",
"3.8.2-1ubuntu2.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "lemon",
"binary_version": "3.11.0-1ubuntu1.2"
},
{
"binary_name": "libsqlite3-0",
"binary_version": "3.11.0-1ubuntu1.2"
},
{
"binary_name": "libsqlite3-tcl",
"binary_version": "3.11.0-1ubuntu1.2"
},
{
"binary_name": "sqlite3",
"binary_version": "3.11.0-1ubuntu1.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "sqlite3",
"purl": "pkg:deb/ubuntu/sqlite3@3.11.0-1ubuntu1.2?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.11.0-1ubuntu1.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.8.11.1-1",
"3.9.1-2",
"3.9.2-1",
"3.10.0-1",
"3.10.1-1",
"3.10.2-1",
"3.11.0-1ubuntu1",
"3.11.0-1ubuntu1.1"
]
}
],
"aliases": [],
"details": "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.",
"id": "UBUNTU-CVE-2017-10989",
"modified": "2026-04-22T07:38:18Z",
"published": "2017-07-07T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2017-10989"
},
{
"type": "REPORT",
"url": "http://marc.info/?l=sqlite-users\u0026m=149933696214713\u0026w=2"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4019-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4019-2"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10989"
}
],
"related": [
"USN-4019-1",
"USN-4019-2"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "negligible",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2017-10989"
]
}
ubuntu-cve-2017-13685
Vulnerability from osv_ubuntu
The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file.
{
"affected": [
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "lemon",
"binary_version": "3.8.2-1ubuntu2.2+esm1"
},
{
"binary_name": "libsqlite3-0",
"binary_version": "3.8.2-1ubuntu2.2+esm1"
},
{
"binary_name": "libsqlite3-tcl",
"binary_version": "3.8.2-1ubuntu2.2+esm1"
},
{
"binary_name": "sqlite3",
"binary_version": "3.8.2-1ubuntu2.2+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "sqlite3",
"purl": "pkg:deb/ubuntu/sqlite3@3.8.2-1ubuntu2.2+esm1?arch=source\u0026distro=trusty/esm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.8.2-1ubuntu2.2+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.7.17-1ubuntu1",
"3.8.0.2-1ubuntu1",
"3.8.1-1ubuntu1",
"3.8.1-1ubuntu3",
"3.8.2-1ubuntu1",
"3.8.2-1ubuntu2",
"3.8.2-1ubuntu2.1",
"3.8.2-1ubuntu2.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "lemon",
"binary_version": "3.11.0-1ubuntu1.2"
},
{
"binary_name": "libsqlite3-0",
"binary_version": "3.11.0-1ubuntu1.2"
},
{
"binary_name": "libsqlite3-tcl",
"binary_version": "3.11.0-1ubuntu1.2"
},
{
"binary_name": "sqlite3",
"binary_version": "3.11.0-1ubuntu1.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "sqlite3",
"purl": "pkg:deb/ubuntu/sqlite3@3.11.0-1ubuntu1.2?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.11.0-1ubuntu1.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.8.11.1-1",
"3.9.1-2",
"3.9.2-1",
"3.10.0-1",
"3.10.1-1",
"3.10.2-1",
"3.11.0-1ubuntu1",
"3.11.0-1ubuntu1.1"
]
}
],
"aliases": [],
"details": "The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file.",
"id": "UBUNTU-CVE-2017-13685",
"modified": "2026-04-22T07:38:20Z",
"published": "2017-08-29T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2017-13685"
},
{
"type": "REPORT",
"url": "http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4019-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4019-2"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13685"
}
],
"related": [
"USN-4019-1",
"USN-4019-2"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "negligible",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2017-13685"
]
}
ubuntu-cve-2017-2518
Vulnerability from osv_ubuntu
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement.
| URL | Type | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "lemon",
"binary_version": "3.8.2-1ubuntu2.2+esm1"
},
{
"binary_name": "libsqlite3-0",
"binary_version": "3.8.2-1ubuntu2.2+esm1"
},
{
"binary_name": "libsqlite3-tcl",
"binary_version": "3.8.2-1ubuntu2.2+esm1"
},
{
"binary_name": "sqlite3",
"binary_version": "3.8.2-1ubuntu2.2+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "sqlite3",
"purl": "pkg:deb/ubuntu/sqlite3@3.8.2-1ubuntu2.2+esm1?arch=source\u0026distro=trusty/esm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.8.2-1ubuntu2.2+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.7.17-1ubuntu1",
"3.8.0.2-1ubuntu1",
"3.8.1-1ubuntu1",
"3.8.1-1ubuntu3",
"3.8.2-1ubuntu1",
"3.8.2-1ubuntu2",
"3.8.2-1ubuntu2.1",
"3.8.2-1ubuntu2.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "lemon",
"binary_version": "3.11.0-1ubuntu1.2"
},
{
"binary_name": "libsqlite3-0",
"binary_version": "3.11.0-1ubuntu1.2"
},
{
"binary_name": "libsqlite3-tcl",
"binary_version": "3.11.0-1ubuntu1.2"
},
{
"binary_name": "sqlite3",
"binary_version": "3.11.0-1ubuntu1.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "sqlite3",
"purl": "pkg:deb/ubuntu/sqlite3@3.11.0-1ubuntu1.2?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.11.0-1ubuntu1.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.8.11.1-1",
"3.9.1-2",
"3.9.2-1",
"3.10.0-1",
"3.10.1-1",
"3.10.2-1",
"3.11.0-1ubuntu1",
"3.11.0-1ubuntu1.1"
]
}
],
"aliases": [],
"details": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the \"SQLite\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement.",
"id": "UBUNTU-CVE-2017-2518",
"modified": "2026-04-22T07:38:08Z",
"published": "2017-05-22T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2017-2518"
},
{
"type": "REPORT",
"url": "https://support.apple.com/HT207797"
},
{
"type": "REPORT",
"url": "https://support.apple.com/HT207798"
},
{
"type": "REPORT",
"url": "https://support.apple.com/HT207800"
},
{
"type": "REPORT",
"url": "https://support.apple.com/HT207801"
},
{
"type": "REPORT",
"url": "https://clusterfuzz-external.appspot.com/testcase?key=4603622180519936"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4019-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4019-2"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2518"
}
],
"related": [
"USN-4019-1",
"USN-4019-2"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2017-2518"
]
}
ubuntu-cve-2018-20346
Vulnerability from osv_ubuntu
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "lemon",
"binary_version": "3.8.2-1ubuntu2.2+esm1"
},
{
"binary_name": "libsqlite3-0",
"binary_version": "3.8.2-1ubuntu2.2+esm1"
},
{
"binary_name": "libsqlite3-tcl",
"binary_version": "3.8.2-1ubuntu2.2+esm1"
},
{
"binary_name": "sqlite3",
"binary_version": "3.8.2-1ubuntu2.2+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "sqlite3",
"purl": "pkg:deb/ubuntu/sqlite3@3.8.2-1ubuntu2.2+esm1?arch=source\u0026distro=trusty/esm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.8.2-1ubuntu2.2+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.7.17-1ubuntu1",
"3.8.0.2-1ubuntu1",
"3.8.1-1ubuntu1",
"3.8.1-1ubuntu3",
"3.8.2-1ubuntu1",
"3.8.2-1ubuntu2",
"3.8.2-1ubuntu2.1",
"3.8.2-1ubuntu2.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "lemon",
"binary_version": "3.11.0-1ubuntu1.2"
},
{
"binary_name": "libsqlite3-0",
"binary_version": "3.11.0-1ubuntu1.2"
},
{
"binary_name": "libsqlite3-tcl",
"binary_version": "3.11.0-1ubuntu1.2"
},
{
"binary_name": "sqlite3",
"binary_version": "3.11.0-1ubuntu1.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "sqlite3",
"purl": "pkg:deb/ubuntu/sqlite3@3.11.0-1ubuntu1.2?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.11.0-1ubuntu1.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.8.11.1-1",
"3.9.1-2",
"3.9.2-1",
"3.10.0-1",
"3.10.1-1",
"3.10.2-1",
"3.11.0-1ubuntu1",
"3.11.0-1ubuntu1.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "lemon",
"binary_version": "3.22.0-1ubuntu0.1"
},
{
"binary_name": "libsqlite3-0",
"binary_version": "3.22.0-1ubuntu0.1"
},
{
"binary_name": "libsqlite3-tcl",
"binary_version": "3.22.0-1ubuntu0.1"
},
{
"binary_name": "sqlite3",
"binary_version": "3.22.0-1ubuntu0.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "sqlite3",
"purl": "pkg:deb/ubuntu/sqlite3@3.22.0-1ubuntu0.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.22.0-1ubuntu0.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.19.3-3",
"3.20.1-2",
"3.21.0-1",
"3.22.0-1"
]
}
],
"aliases": [],
"details": "SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.",
"id": "UBUNTU-CVE-2018-20346",
"modified": "2026-04-22T07:38:46Z",
"published": "2018-12-21T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2018-20346"
},
{
"type": "REPORT",
"url": "https://blade.tencent.com/magellan/index_en.html"
},
{
"type": "REPORT",
"url": "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg113218.html"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/articles/3758321"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1659379"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1659677"
},
{
"type": "REPORT",
"url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
},
{
"type": "REPORT",
"url": "https://chromium.googlesource.com/chromium/src/+/c368e30ae55600a1c3c9cb1710a54f9c55de786e"
},
{
"type": "REPORT",
"url": "https://crbug.com/900910"
},
{
"type": "REPORT",
"url": "https://github.com/zhuowei/worthdoingbadly.com/blob/master/_posts/2018-12-14-sqlitebug.html"
},
{
"type": "REPORT",
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00012.html"
},
{
"type": "REPORT",
"url": "https://news.ycombinator.com/item?id=18685296"
},
{
"type": "REPORT",
"url": "https://sqlite.org/src/info/940f2adc8541a838"
},
{
"type": "REPORT",
"url": "https://sqlite.org/src/info/d44318f59044162e"
},
{
"type": "REPORT",
"url": "https://worthdoingbadly.com/sqlitebug/"
},
{
"type": "REPORT",
"url": "https://www.sqlite.org/releaselog/3_25_3.html"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4019-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4019-2"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20346"
}
],
"related": [
"USN-4019-1",
"USN-4019-2"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2018-20346"
]
}
ubuntu-cve-2018-20506
Vulnerability from osv_ubuntu
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "lemon",
"binary_version": "3.8.2-1ubuntu2.2+esm1"
},
{
"binary_name": "libsqlite3-0",
"binary_version": "3.8.2-1ubuntu2.2+esm1"
},
{
"binary_name": "libsqlite3-tcl",
"binary_version": "3.8.2-1ubuntu2.2+esm1"
},
{
"binary_name": "sqlite3",
"binary_version": "3.8.2-1ubuntu2.2+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "sqlite3",
"purl": "pkg:deb/ubuntu/sqlite3@3.8.2-1ubuntu2.2+esm1?arch=source\u0026distro=trusty/esm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.8.2-1ubuntu2.2+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.7.17-1ubuntu1",
"3.8.0.2-1ubuntu1",
"3.8.1-1ubuntu1",
"3.8.1-1ubuntu3",
"3.8.2-1ubuntu1",
"3.8.2-1ubuntu2",
"3.8.2-1ubuntu2.1",
"3.8.2-1ubuntu2.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "lemon",
"binary_version": "3.11.0-1ubuntu1.2"
},
{
"binary_name": "libsqlite3-0",
"binary_version": "3.11.0-1ubuntu1.2"
},
{
"binary_name": "libsqlite3-tcl",
"binary_version": "3.11.0-1ubuntu1.2"
},
{
"binary_name": "sqlite3",
"binary_version": "3.11.0-1ubuntu1.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "sqlite3",
"purl": "pkg:deb/ubuntu/sqlite3@3.11.0-1ubuntu1.2?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.11.0-1ubuntu1.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.8.11.1-1",
"3.9.1-2",
"3.9.2-1",
"3.10.0-1",
"3.10.1-1",
"3.10.2-1",
"3.11.0-1ubuntu1",
"3.11.0-1ubuntu1.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "lemon",
"binary_version": "3.22.0-1ubuntu0.1"
},
{
"binary_name": "libsqlite3-0",
"binary_version": "3.22.0-1ubuntu0.1"
},
{
"binary_name": "libsqlite3-tcl",
"binary_version": "3.22.0-1ubuntu0.1"
},
{
"binary_name": "sqlite3",
"binary_version": "3.22.0-1ubuntu0.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "sqlite3",
"purl": "pkg:deb/ubuntu/sqlite3@3.22.0-1ubuntu0.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.22.0-1ubuntu0.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.19.3-3",
"3.20.1-2",
"3.21.0-1",
"3.22.0-1"
]
}
],
"aliases": [],
"details": "SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a \"merge\" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.",
"id": "UBUNTU-CVE-2018-20506",
"modified": "2026-04-22T07:38:47Z",
"published": "2019-04-03T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2018-20506"
},
{
"type": "REPORT",
"url": "https://sqlite.org/src/info/940f2adc8541a838"
},
{
"type": "REPORT",
"url": "http://seclists.org/fulldisclosure/2019/Jan/62"
},
{
"type": "REPORT",
"url": "http://seclists.org/fulldisclosure/2019/Jan/64"
},
{
"type": "REPORT",
"url": "http://seclists.org/fulldisclosure/2019/Jan/66"
},
{
"type": "REPORT",
"url": "http://seclists.org/fulldisclosure/2019/Jan/67"
},
{
"type": "REPORT",
"url": "http://seclists.org/fulldisclosure/2019/Jan/68"
},
{
"type": "REPORT",
"url": "http://seclists.org/fulldisclosure/2019/Jan/69"
},
{
"type": "REPORT",
"url": "https://seclists.org/bugtraq/2019/Jan/28"
},
{
"type": "REPORT",
"url": "https://seclists.org/bugtraq/2019/Jan/29"
},
{
"type": "REPORT",
"url": "https://seclists.org/bugtraq/2019/Jan/31"
},
{
"type": "REPORT",
"url": "https://seclists.org/bugtraq/2019/Jan/32"
},
{
"type": "REPORT",
"url": "https://seclists.org/bugtraq/2019/Jan/33"
},
{
"type": "REPORT",
"url": "https://seclists.org/bugtraq/2019/Jan/39"
},
{
"type": "REPORT",
"url": "https://support.apple.com/kb/HT209443"
},
{
"type": "REPORT",
"url": "https://support.apple.com/kb/HT209446"
},
{
"type": "REPORT",
"url": "https://support.apple.com/kb/HT209447"
},
{
"type": "REPORT",
"url": "https://support.apple.com/kb/HT209448"
},
{
"type": "REPORT",
"url": "https://support.apple.com/kb/HT209450"
},
{
"type": "REPORT",
"url": "https://support.apple.com/kb/HT209451"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4019-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4019-2"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20506"
}
],
"related": [
"USN-4019-1",
"USN-4019-2"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2018-20506"
]
}
ubuntu-cve-2019-8457
Vulnerability from osv_ubuntu
SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.
| URL | Type | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "db5.3-sql-util",
"binary_version": "5.3.28-3ubuntu3.1+esm1"
},
{
"binary_name": "db5.3-util",
"binary_version": "5.3.28-3ubuntu3.1+esm1"
},
{
"binary_name": "libdb5.3",
"binary_version": "5.3.28-3ubuntu3.1+esm1"
},
{
"binary_name": "libdb5.3++",
"binary_version": "5.3.28-3ubuntu3.1+esm1"
},
{
"binary_name": "libdb5.3-java",
"binary_version": "5.3.28-3ubuntu3.1+esm1"
},
{
"binary_name": "libdb5.3-java-gcj",
"binary_version": "5.3.28-3ubuntu3.1+esm1"
},
{
"binary_name": "libdb5.3-java-jni",
"binary_version": "5.3.28-3ubuntu3.1+esm1"
},
{
"binary_name": "libdb5.3-sql",
"binary_version": "5.3.28-3ubuntu3.1+esm1"
},
{
"binary_name": "libdb5.3-stl",
"binary_version": "5.3.28-3ubuntu3.1+esm1"
},
{
"binary_name": "libdb5.3-tcl",
"binary_version": "5.3.28-3ubuntu3.1+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "db5.3",
"purl": "pkg:deb/ubuntu/db5.3@5.3.28-3ubuntu3.1+esm1?arch=source\u0026distro=trusty/esm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.3.28-3ubuntu3.1+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5.3.21-2",
"5.3.28-2",
"5.3.28-3",
"5.3.28-3ubuntu1",
"5.3.28-3ubuntu2",
"5.3.28-3ubuntu3",
"5.3.28-3ubuntu3.1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "lemon",
"binary_version": "3.8.2-1ubuntu2.2+esm1"
},
{
"binary_name": "libsqlite3-0",
"binary_version": "3.8.2-1ubuntu2.2+esm1"
},
{
"binary_name": "libsqlite3-tcl",
"binary_version": "3.8.2-1ubuntu2.2+esm1"
},
{
"binary_name": "sqlite3",
"binary_version": "3.8.2-1ubuntu2.2+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "sqlite3",
"purl": "pkg:deb/ubuntu/sqlite3@3.8.2-1ubuntu2.2+esm1?arch=source\u0026distro=trusty/esm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.8.2-1ubuntu2.2+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.7.17-1ubuntu1",
"3.8.0.2-1ubuntu1",
"3.8.1-1ubuntu1",
"3.8.1-1ubuntu3",
"3.8.2-1ubuntu1",
"3.8.2-1ubuntu2",
"3.8.2-1ubuntu2.1",
"3.8.2-1ubuntu2.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "db5.3-sql-util",
"binary_version": "5.3.28-11ubuntu0.2"
},
{
"binary_name": "db5.3-util",
"binary_version": "5.3.28-11ubuntu0.2"
},
{
"binary_name": "libdb5.3",
"binary_version": "5.3.28-11ubuntu0.2"
},
{
"binary_name": "libdb5.3++",
"binary_version": "5.3.28-11ubuntu0.2"
},
{
"binary_name": "libdb5.3-java",
"binary_version": "5.3.28-11ubuntu0.2"
},
{
"binary_name": "libdb5.3-java-gcj",
"binary_version": "5.3.28-11ubuntu0.2"
},
{
"binary_name": "libdb5.3-java-jni",
"binary_version": "5.3.28-11ubuntu0.2"
},
{
"binary_name": "libdb5.3-sql",
"binary_version": "5.3.28-11ubuntu0.2"
},
{
"binary_name": "libdb5.3-stl",
"binary_version": "5.3.28-11ubuntu0.2"
},
{
"binary_name": "libdb5.3-tcl",
"binary_version": "5.3.28-11ubuntu0.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "db5.3",
"purl": "pkg:deb/ubuntu/db5.3@5.3.28-11ubuntu0.2?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.3.28-11ubuntu0.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5.3.28-11",
"5.3.28-11ubuntu0.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "lemon",
"binary_version": "3.11.0-1ubuntu1.2"
},
{
"binary_name": "libsqlite3-0",
"binary_version": "3.11.0-1ubuntu1.2"
},
{
"binary_name": "libsqlite3-tcl",
"binary_version": "3.11.0-1ubuntu1.2"
},
{
"binary_name": "sqlite3",
"binary_version": "3.11.0-1ubuntu1.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "sqlite3",
"purl": "pkg:deb/ubuntu/sqlite3@3.11.0-1ubuntu1.2?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.11.0-1ubuntu1.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.8.11.1-1",
"3.9.1-2",
"3.9.2-1",
"3.10.0-1",
"3.10.1-1",
"3.10.2-1",
"3.11.0-1ubuntu1",
"3.11.0-1ubuntu1.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libsqlcipher0",
"binary_version": "3.2.0-1.1"
},
{
"binary_name": "sqlcipher",
"binary_version": "3.2.0-1.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "sqlcipher",
"purl": "pkg:deb/ubuntu/sqlcipher@3.2.0-1.1?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.2.0-1.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "db5.3-sql-util",
"binary_version": "5.3.28-13.1ubuntu1.1"
},
{
"binary_name": "db5.3-util",
"binary_version": "5.3.28-13.1ubuntu1.1"
},
{
"binary_name": "libdb5.3",
"binary_version": "5.3.28-13.1ubuntu1.1"
},
{
"binary_name": "libdb5.3++",
"binary_version": "5.3.28-13.1ubuntu1.1"
},
{
"binary_name": "libdb5.3-java",
"binary_version": "5.3.28-13.1ubuntu1.1"
},
{
"binary_name": "libdb5.3-java-jni",
"binary_version": "5.3.28-13.1ubuntu1.1"
},
{
"binary_name": "libdb5.3-sql",
"binary_version": "5.3.28-13.1ubuntu1.1"
},
{
"binary_name": "libdb5.3-stl",
"binary_version": "5.3.28-13.1ubuntu1.1"
},
{
"binary_name": "libdb5.3-tcl",
"binary_version": "5.3.28-13.1ubuntu1.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "db5.3",
"purl": "pkg:deb/ubuntu/db5.3@5.3.28-13.1ubuntu1.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.3.28-13.1ubuntu1.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5.3.28-13.1",
"5.3.28-13.1ubuntu1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "lemon",
"binary_version": "3.22.0-1ubuntu0.1"
},
{
"binary_name": "libsqlite3-0",
"binary_version": "3.22.0-1ubuntu0.1"
},
{
"binary_name": "libsqlite3-tcl",
"binary_version": "3.22.0-1ubuntu0.1"
},
{
"binary_name": "sqlite3",
"binary_version": "3.22.0-1ubuntu0.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "sqlite3",
"purl": "pkg:deb/ubuntu/sqlite3@3.22.0-1ubuntu0.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.22.0-1ubuntu0.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.19.3-3",
"3.20.1-2",
"3.21.0-1",
"3.22.0-1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libqt5webengine-data",
"binary_version": "5.9.5+dfsg-0ubuntu2+esm1"
},
{
"binary_name": "libqt5webengine5",
"binary_version": "5.9.5+dfsg-0ubuntu2+esm1"
},
{
"binary_name": "libqt5webenginecore5",
"binary_version": "5.9.5+dfsg-0ubuntu2+esm1"
},
{
"binary_name": "libqt5webenginewidgets5",
"binary_version": "5.9.5+dfsg-0ubuntu2+esm1"
},
{
"binary_name": "qml-module-qtwebengine",
"binary_version": "5.9.5+dfsg-0ubuntu2+esm1"
},
{
"binary_name": "qtwebengine5-dev-tools",
"binary_version": "5.9.5+dfsg-0ubuntu2+esm1"
},
{
"binary_name": "qtwebengine5-doc-html",
"binary_version": "5.9.5+dfsg-0ubuntu2+esm1"
},
{
"binary_name": "qtwebengine5-examples",
"binary_version": "5.9.5+dfsg-0ubuntu2+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "qtwebengine-opensource-src",
"purl": "pkg:deb/ubuntu/qtwebengine-opensource-src@5.9.5+dfsg-0ubuntu2+esm1?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5.9.1+dfsg-4",
"5.9.1+dfsg-4ubuntu1",
"5.9.2+dfsg-2ubuntu1",
"5.9.3+dfsg-0ubuntu1",
"5.9.4+dfsg-0ubuntu1",
"5.9.5+dfsg-0ubuntu2",
"5.9.5+dfsg-0ubuntu2+esm1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libsqlcipher0",
"binary_version": "3.4.1-1build1"
},
{
"binary_name": "sqlcipher",
"binary_version": "3.4.1-1build1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "sqlcipher",
"purl": "pkg:deb/ubuntu/sqlcipher@3.4.1-1build1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.4.1-1",
"3.4.1-1build1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "db5.3-sql-util",
"binary_version": "5.3.28+dfsg1-0.6ubuntu1"
},
{
"binary_name": "db5.3-util",
"binary_version": "5.3.28+dfsg1-0.6ubuntu1"
},
{
"binary_name": "libdb5.3",
"binary_version": "5.3.28+dfsg1-0.6ubuntu1"
},
{
"binary_name": "libdb5.3++",
"binary_version": "5.3.28+dfsg1-0.6ubuntu1"
},
{
"binary_name": "libdb5.3-java",
"binary_version": "5.3.28+dfsg1-0.6ubuntu1"
},
{
"binary_name": "libdb5.3-java-jni",
"binary_version": "5.3.28+dfsg1-0.6ubuntu1"
},
{
"binary_name": "libdb5.3-sql",
"binary_version": "5.3.28+dfsg1-0.6ubuntu1"
},
{
"binary_name": "libdb5.3-stl",
"binary_version": "5.3.28+dfsg1-0.6ubuntu1"
},
{
"binary_name": "libdb5.3-tcl",
"binary_version": "5.3.28+dfsg1-0.6ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "db5.3",
"purl": "pkg:deb/ubuntu/db5.3@5.3.28+dfsg1-0.6ubuntu1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.3.28+dfsg1-0.6ubuntu1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": []
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libqt5webengine-data",
"binary_version": "5.12.8+dfsg-0ubuntu1.1+esm1"
},
{
"binary_name": "libqt5webengine5",
"binary_version": "5.12.8+dfsg-0ubuntu1.1+esm1"
},
{
"binary_name": "libqt5webenginecore5",
"binary_version": "5.12.8+dfsg-0ubuntu1.1+esm1"
},
{
"binary_name": "libqt5webenginewidgets5",
"binary_version": "5.12.8+dfsg-0ubuntu1.1+esm1"
},
{
"binary_name": "qml-module-qtwebengine",
"binary_version": "5.12.8+dfsg-0ubuntu1.1+esm1"
},
{
"binary_name": "qtwebengine5-dev-tools",
"binary_version": "5.12.8+dfsg-0ubuntu1.1+esm1"
},
{
"binary_name": "qtwebengine5-doc-html",
"binary_version": "5.12.8+dfsg-0ubuntu1.1+esm1"
},
{
"binary_name": "qtwebengine5-examples",
"binary_version": "5.12.8+dfsg-0ubuntu1.1+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "qtwebengine-opensource-src",
"purl": "pkg:deb/ubuntu/qtwebengine-opensource-src@5.12.8+dfsg-0ubuntu1.1+esm1?arch=source\u0026distro=esm-apps/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5.12.4+dfsg-1ubuntu1",
"5.12.4+dfsg-1ubuntu3",
"5.12.5+dfsg-3ubuntu1",
"5.12.5+dfsg-6ubuntu2",
"5.12.5+dfsg-7",
"5.12.5+dfsg-7build1",
"5.12.8+dfsg-0ubuntu1",
"5.12.8+dfsg-0ubuntu1.1",
"5.12.8+dfsg-0ubuntu1.1+esm1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libsqlcipher0",
"binary_version": "3.4.1-1build2"
},
{
"binary_name": "sqlcipher",
"binary_version": "3.4.1-1build2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "sqlcipher",
"purl": "pkg:deb/ubuntu/sqlcipher@3.4.1-1build2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.4.1-1build2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libsqlcipher0",
"binary_version": "3.4.1-2build1"
},
{
"binary_name": "sqlcipher",
"binary_version": "3.4.1-2build1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "sqlcipher",
"purl": "pkg:deb/ubuntu/sqlcipher@3.4.1-2build1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.4.1-2",
"3.4.1-2build1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libqt5pdf5",
"binary_version": "5.15.9+dfsg-1ubuntu0.1~esm1"
},
{
"binary_name": "libqt5pdfwidgets5",
"binary_version": "5.15.9+dfsg-1ubuntu0.1~esm1"
},
{
"binary_name": "libqt5webengine-data",
"binary_version": "5.15.9+dfsg-1ubuntu0.1~esm1"
},
{
"binary_name": "libqt5webengine5",
"binary_version": "5.15.9+dfsg-1ubuntu0.1~esm1"
},
{
"binary_name": "libqt5webenginecore5",
"binary_version": "5.15.9+dfsg-1ubuntu0.1~esm1"
},
{
"binary_name": "libqt5webenginewidgets5",
"binary_version": "5.15.9+dfsg-1ubuntu0.1~esm1"
},
{
"binary_name": "qml-module-qtquick-pdf",
"binary_version": "5.15.9+dfsg-1ubuntu0.1~esm1"
},
{
"binary_name": "qml-module-qtwebengine",
"binary_version": "5.15.9+dfsg-1ubuntu0.1~esm1"
},
{
"binary_name": "qt5-image-formats-plugin-pdf",
"binary_version": "5.15.9+dfsg-1ubuntu0.1~esm1"
},
{
"binary_name": "qtpdf5-doc-html",
"binary_version": "5.15.9+dfsg-1ubuntu0.1~esm1"
},
{
"binary_name": "qtpdf5-examples",
"binary_version": "5.15.9+dfsg-1ubuntu0.1~esm1"
},
{
"binary_name": "qtwebengine5-dev-tools",
"binary_version": "5.15.9+dfsg-1ubuntu0.1~esm1"
},
{
"binary_name": "qtwebengine5-doc-html",
"binary_version": "5.15.9+dfsg-1ubuntu0.1~esm1"
},
{
"binary_name": "qtwebengine5-examples",
"binary_version": "5.15.9+dfsg-1ubuntu0.1~esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:22.04:LTS",
"name": "qtwebengine-opensource-src",
"purl": "pkg:deb/ubuntu/qtwebengine-opensource-src@5.15.9+dfsg-1ubuntu0.1~esm1?arch=source\u0026distro=esm-apps/jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5.15.6+dfsg-1",
"5.15.6+dfsg-2",
"5.15.7+dfsg-2",
"5.15.8+dfsg-1",
"5.15.8+dfsg-1build1",
"5.15.8+dfsg-1build2",
"5.15.8+dfsg-2",
"5.15.9+dfsg-1",
"5.15.9+dfsg-1ubuntu0.1~esm1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libsqlcipher1",
"binary_version": "4.5.6-1build2"
},
{
"binary_name": "sqlcipher",
"binary_version": "4.5.6-1build2"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "sqlcipher",
"purl": "pkg:deb/ubuntu/sqlcipher@4.5.6-1build2?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.4.1-2build1",
"4.5.5-3",
"4.5.6-1",
"4.5.6-1build1",
"4.5.6-1build2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libqt5pdf5",
"binary_version": "5.15.16+dfsg-3ubuntu0.1~esm1"
},
{
"binary_name": "libqt5pdfwidgets5",
"binary_version": "5.15.16+dfsg-3ubuntu0.1~esm1"
},
{
"binary_name": "libqt5webengine-data",
"binary_version": "5.15.16+dfsg-3ubuntu0.1~esm1"
},
{
"binary_name": "libqt5webengine5",
"binary_version": "5.15.16+dfsg-3ubuntu0.1~esm1"
},
{
"binary_name": "libqt5webenginecore5",
"binary_version": "5.15.16+dfsg-3ubuntu0.1~esm1"
},
{
"binary_name": "libqt5webenginewidgets5",
"binary_version": "5.15.16+dfsg-3ubuntu0.1~esm1"
},
{
"binary_name": "qml-module-qtquick-pdf",
"binary_version": "5.15.16+dfsg-3ubuntu0.1~esm1"
},
{
"binary_name": "qml-module-qtwebengine",
"binary_version": "5.15.16+dfsg-3ubuntu0.1~esm1"
},
{
"binary_name": "qt5-image-formats-plugin-pdf",
"binary_version": "5.15.16+dfsg-3ubuntu0.1~esm1"
},
{
"binary_name": "qtpdf5-doc-html",
"binary_version": "5.15.16+dfsg-3ubuntu0.1~esm1"
},
{
"binary_name": "qtpdf5-examples",
"binary_version": "5.15.16+dfsg-3ubuntu0.1~esm1"
},
{
"binary_name": "qtwebengine5-dev-tools",
"binary_version": "5.15.16+dfsg-3ubuntu0.1~esm1"
},
{
"binary_name": "qtwebengine5-doc-html",
"binary_version": "5.15.16+dfsg-3ubuntu0.1~esm1"
},
{
"binary_name": "qtwebengine5-examples",
"binary_version": "5.15.16+dfsg-3ubuntu0.1~esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:24.04:LTS",
"name": "qtwebengine-opensource-src",
"purl": "pkg:deb/ubuntu/qtwebengine-opensource-src@5.15.16+dfsg-3ubuntu0.1~esm1?arch=source\u0026distro=esm-apps/noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5.15.15+dfsg-2",
"5.15.15+dfsg-2build2",
"5.15.15+dfsg-2ubuntu1",
"5.15.16+dfsg-1",
"5.15.16+dfsg-1ubuntu2",
"5.15.16+dfsg-1ubuntu4",
"5.15.16+dfsg-3",
"5.15.16+dfsg-3ubuntu0.1~esm1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libqt5pdf5",
"binary_version": "5.15.19+dfsg2-1"
},
{
"binary_name": "libqt5pdfwidgets5",
"binary_version": "5.15.19+dfsg2-1"
},
{
"binary_name": "libqt5webengine-data",
"binary_version": "5.15.19+dfsg2-1"
},
{
"binary_name": "libqt5webengine5",
"binary_version": "5.15.19+dfsg2-1"
},
{
"binary_name": "libqt5webenginecore5",
"binary_version": "5.15.19+dfsg2-1"
},
{
"binary_name": "libqt5webenginewidgets5",
"binary_version": "5.15.19+dfsg2-1"
},
{
"binary_name": "qml-module-qtquick-pdf",
"binary_version": "5.15.19+dfsg2-1"
},
{
"binary_name": "qml-module-qtwebengine",
"binary_version": "5.15.19+dfsg2-1"
},
{
"binary_name": "qt5-image-formats-plugin-pdf",
"binary_version": "5.15.19+dfsg2-1"
},
{
"binary_name": "qtpdf5-doc-html",
"binary_version": "5.15.19+dfsg2-1"
},
{
"binary_name": "qtpdf5-examples",
"binary_version": "5.15.19+dfsg2-1"
},
{
"binary_name": "qtwebengine5-dev-tools",
"binary_version": "5.15.19+dfsg2-1"
},
{
"binary_name": "qtwebengine5-doc-html",
"binary_version": "5.15.19+dfsg2-1"
},
{
"binary_name": "qtwebengine5-examples",
"binary_version": "5.15.19+dfsg2-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "qtwebengine-opensource-src",
"purl": "pkg:deb/ubuntu/qtwebengine-opensource-src@5.15.19+dfsg2-1?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5.15.18+dfsg-2",
"5.15.18+dfsg-2build1",
"5.15.19+dfsg-1",
"5.15.19+dfsg2-1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libsqlcipher1",
"binary_version": "4.6.1-2"
},
{
"binary_name": "sqlcipher",
"binary_version": "4.6.1-2"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "sqlcipher",
"purl": "pkg:deb/ubuntu/sqlcipher@4.6.1-2?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.6.1-2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libsqlcipher2",
"binary_version": "4.13.0-1"
},
{
"binary_name": "sqlcipher",
"binary_version": "4.13.0-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "sqlcipher",
"purl": "pkg:deb/ubuntu/sqlcipher@4.13.0-1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.6.1-2",
"4.11.0-1",
"4.11.0-2",
"4.13.0-1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libqt5webengine-data",
"binary_version": "5.15.19+dfsg2-4ubuntu0.1~esm1"
},
{
"binary_name": "libqt5webengine5",
"binary_version": "5.15.19+dfsg2-4ubuntu0.1~esm1"
},
{
"binary_name": "libqt5webenginecore5",
"binary_version": "5.15.19+dfsg2-4ubuntu0.1~esm1"
},
{
"binary_name": "libqt5webenginewidgets5",
"binary_version": "5.15.19+dfsg2-4ubuntu0.1~esm1"
},
{
"binary_name": "qml-module-qtwebengine",
"binary_version": "5.15.19+dfsg2-4ubuntu0.1~esm1"
},
{
"binary_name": "qtwebengine5-dev-tools",
"binary_version": "5.15.19+dfsg2-4ubuntu0.1~esm1"
},
{
"binary_name": "qtwebengine5-doc-html",
"binary_version": "5.15.19+dfsg2-4ubuntu0.1~esm1"
},
{
"binary_name": "qtwebengine5-examples",
"binary_version": "5.15.19+dfsg2-4ubuntu0.1~esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:26.04:LTS",
"name": "qtwebengine-opensource-src",
"purl": "pkg:deb/ubuntu/qtwebengine-opensource-src@5.15.19+dfsg2-4ubuntu0.1~esm1?arch=source\u0026distro=esm-apps/resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5.15.19+dfsg2-1",
"5.15.19+dfsg2-1build1",
"5.15.19+dfsg2-2",
"5.15.19+dfsg2-3",
"5.15.19+dfsg2-4",
"5.15.19+dfsg2-4ubuntu0.1~esm1"
]
}
],
"aliases": [],
"details": "SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.",
"id": "UBUNTU-CVE-2019-8457",
"modified": "2026-05-29T10:24:38Z",
"published": "2019-05-31T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2019-8457"
},
{
"type": "REPORT",
"url": "https://www.sqlite.org/src/info/90acdbfce9c08858"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4004-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4004-2"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4019-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4019-2"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8457"
}
],
"related": [
"USN-4004-1",
"USN-4004-2",
"USN-4019-1",
"USN-4019-2"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2019-8457"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.