CVE-2019-5018

Published: 10/05/2019 Updated: 13/06/2022
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 606
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM. (CVE-2018-8740)

Vulnerable Product

sqlite sqlite 3.26.0

canonical ubuntu linux 18.04

canonical ubuntu linux 19.04

canonical ubuntu linux 19.10

canonical ubuntu linux 16.04

canonical ubuntu linux 12.04

Vendor Advisories

Several security issues were fixed in SQLite ...
Debian Bug report logs - #928770 sqlite3: CVE-2019-5018: Window Function Remote Code Execution Vulnerability Package: src:sqlite3; Maintainer for src:sqlite3 is Laszlo Boszormenyi (GCS) <gcs@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Fri, 10 May 2019 19:09:01 UTC Severity: grave Tags: se ...
Synopsis Moderate: Release of OpenShift Serverless 1110 Type/Severity Security Advisory: Moderate Topic Release of OpenShift Serverless 1110 Description Red Hat OpenShift Serverless 1110 is a generally available release of the OpenShift Serverless Operator. This version of the OpenShif ...
Synopsis Moderate: OpenShift Container Platform 46 compliance-operator security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for compliance-content-container, ose-compliance-openscap-container, ose-compliance-operator-container, and ose-compliance-operator-metadata-container ...
Synopsis Moderate: Release of OpenShift Serverless 1120 Type/Severity Security Advisory: Moderate Topic Release of OpenShift Serverless 1120. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detaile ...
Synopsis Moderate: Red Hat Quay v333 bug fix and security update Type/Severity Security Advisory: Moderate Topic Red Hat Quay v333 is now available with bug fixes and security updates. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring S ...
Synopsis Moderate: sqlite security update Type/Severity Security Advisory: Moderate Topic An update for sqlite is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, whic ...
Synopsis Moderate: Red Hat OpenShift Container Storage 460 security, bug fix, enhancement update Type/Severity Security Advisory: Moderate Topic Updated images are now available for Red Hat OpenShift Container Storage 460 on Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as ha ...

Recent Articles

Another remote-code execution hole in top database engine SQLite: How it works, and why not to totally freak out
The Register • Gareth Corfield • 10 May 2019

You know the drill: Patch and stop using C

Cisco Talos researchers have uncovered an SQLite use-after-free() vulnerability that could allow an attacker to, in theory, remotely execute code on an affected device. "An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0," said Talos in a blog post describing the vuln, provisionally allocated CVE-2019-5018. An open-source project, SQLite's maintainers describe it as "the most used database engine in the world." SQLite implements SQL's Window...