{"id":"USN-4394-1","summary":"sqlite3 vulnerabilities","details":"It was discovered that SQLite incorrectly handled certain corruped schemas.\nAn attacker could possibly use this issue to cause a denial of service.\nThis issue only affected Ubuntu 18.04 LTS. (CVE-2018-8740)\n\nIt was discovered that SQLite incorrectly handled certain SELECT\nstatements. An attacker could possibly use this issue to cause a denial of\nservice. This issue was only addressed in Ubuntu 19.10. (CVE-2019-19603)\n\nIt was discovered that SQLite incorrectly handled certain self-referential\nviews. An attacker could possibly use this issue to cause a denial of\nservice. This issue was only addressed in Ubuntu 19.10. (CVE-2019-19645)\n\nHenry Liu discovered that SQLite incorrectly handled certain malformed\nwindow-function queries. An attacker could possibly use this issue to cause\na denial of service. This issue only affected Ubuntu 19.10 and Ubuntu 20.04\nLTS. (CVE-2020-11655)\n\nIt was discovered that SQLite incorrectly handled certain string\noperations. An attacker could use this issue to cause SQLite to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2020-13434)\n\nIt was discovered that SQLite incorrectly handled certain expressions. An\nattacker could use this issue to cause SQLite to crash, resulting in a\ndenial of service, or possibly execute arbitrary code. This issue only\naffected Ubuntu 19.10 and Ubuntu 20.04 LTS. (CVE-2020-13435)\n\nIt was discovered that SQLite incorrectly handled certain fts3 queries. An\nattacker could use this issue to cause SQLite to crash, resulting in a\ndenial of service, or possibly execute arbitrary code. (CVE-2020-13630)\n\nIt was discovered that SQLite incorrectly handled certain virtual table\nnames. An attacker could possibly use this issue to cause a denial of\nservice. This issue was only addressed in Ubuntu 19.10 and Ubuntu 20.04\nLTS. (CVE-2020-13631)\n\nIt was discovered that SQLite incorrectly handled certain fts3 queries. An\nattacker could use this issue to cause SQLite to crash, resulting in a\ndenial of service, or possibly execute arbitrary code. (CVE-2020-13632)\n","modified":"2026-04-27T15:48:43.777096828Z","published":"2020-06-10T13:36:53Z","related":["UBUNTU-CVE-2018-8740","UBUNTU-CVE-2019-19603","UBUNTU-CVE-2019-19645","UBUNTU-CVE-2020-11655","UBUNTU-CVE-2020-13434","UBUNTU-CVE-2020-13435","UBUNTU-CVE-2020-13630","UBUNTU-CVE-2020-13631","UBUNTU-CVE-2020-13632"],"upstream":["CVE-2018-8740","CVE-2019-19603","CVE-2019-19645","CVE-2020-11655","CVE-2020-13434","CVE-2020-13435","CVE-2020-13630","CVE-2020-13631","CVE-2020-13632","UBUNTU-CVE-2018-8740","UBUNTU-CVE-2019-19603","UBUNTU-CVE-2019-19645","UBUNTU-CVE-2020-11655","UBUNTU-CVE-2020-13434","UBUNTU-CVE-2020-13435","UBUNTU-CVE-2020-13630","UBUNTU-CVE-2020-13631","UBUNTU-CVE-2020-13632"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4394-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-8740"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-19603"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-19645"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-11655"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-13434"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-13435"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-13630"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-13631"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-13632"}],"affected":[{"package":{"name":"sqlite3","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/sqlite3@3.11.0-1ubuntu1.5?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.11.0-1ubuntu1.5"}]}],"versions":["3.8.11.1-1","3.9.1-2","3.9.2-1","3.10.0-1","3.10.1-1","3.10.2-1","3.11.0-1ubuntu1","3.11.0-1ubuntu1.1","3.11.0-1ubuntu1.2","3.11.0-1ubuntu1.3","3.11.0-1ubuntu1.4"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"lemon","binary_version":"3.11.0-1ubuntu1.5"},{"binary_name":"libsqlite3-0","binary_version":"3.11.0-1ubuntu1.5"},{"binary_name":"libsqlite3-tcl","binary_version":"3.11.0-1ubuntu1.5"},{"binary_name":"sqlite3","binary_version":"3.11.0-1ubuntu1.5"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4394-1.json","cves_map":{"ecosystem":"Ubuntu:16.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2020-13434"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2020-13630"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2020-13632"}]}}},{"package":{"name":"sqlite3","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/sqlite3@3.22.0-1ubuntu0.4?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.22.0-1ubuntu0.4"}]}],"versions":["3.19.3-3","3.20.1-2","3.21.0-1","3.22.0-1","3.22.0-1ubuntu0.1","3.22.0-1ubuntu0.2","3.22.0-1ubuntu0.3"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"lemon","binary_version":"3.22.0-1ubuntu0.4"},{"binary_name":"libsqlite3-0","binary_version":"3.22.0-1ubuntu0.4"},{"binary_name":"libsqlite3-tcl","binary_version":"3.22.0-1ubuntu0.4"},{"binary_name":"sqlite3","binary_version":"3.22.0-1ubuntu0.4"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4394-1.json","cves_map":{"ecosystem":"Ubuntu:18.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2018-8740"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2020-13434"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2020-13630"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-13632"}]}}},{"package":{"name":"sqlite3","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/sqlite3@3.31.1-4ubuntu0.1?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.31.1-4ubuntu0.1"}]}],"versions":["3.29.0-2","3.30.1-1","3.30.1-1ubuntu1","3.31.1-1ubuntu1","3.31.1-3","3.31.1-4"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"lemon","binary_version":"3.31.1-4ubuntu0.1"},{"binary_name":"libsqlite3-0","binary_version":"3.31.1-4ubuntu0.1"},{"binary_name":"libsqlite3-tcl","binary_version":"3.31.1-4ubuntu0.1"},{"binary_name":"sqlite3","binary_version":"3.31.1-4ubuntu0.1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4394-1.json","cves_map":{"ecosystem":"Ubuntu:20.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2020-11655"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2020-13434"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2020-13435"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2020-13630"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2020-13631"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2020-13632"}]}}}],"schema_version":"1.7.5"}