usn-4394-1
Vulnerability from osv_ubuntu
It was discovered that SQLite incorrectly handled certain corruped schemas. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-8740)
It was discovered that SQLite incorrectly handled certain SELECT statements. An attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 19.10. (CVE-2019-19603)
It was discovered that SQLite incorrectly handled certain self-referential views. An attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 19.10. (CVE-2019-19645)
Henry Liu discovered that SQLite incorrectly handled certain malformed window-function queries. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 19.10 and Ubuntu 20.04 LTS. (CVE-2020-11655)
It was discovered that SQLite incorrectly handled certain string operations. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-13434)
It was discovered that SQLite incorrectly handled certain expressions. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.10 and Ubuntu 20.04 LTS. (CVE-2020-13435)
It was discovered that SQLite incorrectly handled certain fts3 queries. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-13630)
It was discovered that SQLite incorrectly handled certain virtual table names. An attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 19.10 and Ubuntu 20.04 LTS. (CVE-2020-13631)
It was discovered that SQLite incorrectly handled certain fts3 queries. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-13632)
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2020-13434",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-13630",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-13632",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:16.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "lemon",
"binary_version": "3.11.0-1ubuntu1.5"
},
{
"binary_name": "libsqlite3-0",
"binary_version": "3.11.0-1ubuntu1.5"
},
{
"binary_name": "libsqlite3-tcl",
"binary_version": "3.11.0-1ubuntu1.5"
},
{
"binary_name": "sqlite3",
"binary_version": "3.11.0-1ubuntu1.5"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "sqlite3",
"purl": "pkg:deb/ubuntu/sqlite3@3.11.0-1ubuntu1.5?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.11.0-1ubuntu1.5"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.8.11.1-1",
"3.9.1-2",
"3.9.2-1",
"3.10.0-1",
"3.10.1-1",
"3.10.2-1",
"3.11.0-1ubuntu1",
"3.11.0-1ubuntu1.1",
"3.11.0-1ubuntu1.2",
"3.11.0-1ubuntu1.3",
"3.11.0-1ubuntu1.4"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2018-8740",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-13434",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-13630",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-13632",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:18.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "lemon",
"binary_version": "3.22.0-1ubuntu0.4"
},
{
"binary_name": "libsqlite3-0",
"binary_version": "3.22.0-1ubuntu0.4"
},
{
"binary_name": "libsqlite3-tcl",
"binary_version": "3.22.0-1ubuntu0.4"
},
{
"binary_name": "sqlite3",
"binary_version": "3.22.0-1ubuntu0.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "sqlite3",
"purl": "pkg:deb/ubuntu/sqlite3@3.22.0-1ubuntu0.4?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.22.0-1ubuntu0.4"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.19.3-3",
"3.20.1-2",
"3.21.0-1",
"3.22.0-1",
"3.22.0-1ubuntu0.1",
"3.22.0-1ubuntu0.2",
"3.22.0-1ubuntu0.3"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2020-11655",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-13434",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-13435",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-13630",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-13631",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-13632",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:20.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "lemon",
"binary_version": "3.31.1-4ubuntu0.1"
},
{
"binary_name": "libsqlite3-0",
"binary_version": "3.31.1-4ubuntu0.1"
},
{
"binary_name": "libsqlite3-tcl",
"binary_version": "3.31.1-4ubuntu0.1"
},
{
"binary_name": "sqlite3",
"binary_version": "3.31.1-4ubuntu0.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "sqlite3",
"purl": "pkg:deb/ubuntu/sqlite3@3.31.1-4ubuntu0.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.31.1-4ubuntu0.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.29.0-2",
"3.30.1-1",
"3.30.1-1ubuntu1",
"3.31.1-1ubuntu1",
"3.31.1-3",
"3.31.1-4"
]
}
],
"aliases": [],
"details": "It was discovered that SQLite incorrectly handled certain corruped schemas.\nAn attacker could possibly use this issue to cause a denial of service.\nThis issue only affected Ubuntu 18.04 LTS. (CVE-2018-8740)\n\nIt was discovered that SQLite incorrectly handled certain SELECT\nstatements. An attacker could possibly use this issue to cause a denial of\nservice. This issue was only addressed in Ubuntu 19.10. (CVE-2019-19603)\n\nIt was discovered that SQLite incorrectly handled certain self-referential\nviews. An attacker could possibly use this issue to cause a denial of\nservice. This issue was only addressed in Ubuntu 19.10. (CVE-2019-19645)\n\nHenry Liu discovered that SQLite incorrectly handled certain malformed\nwindow-function queries. An attacker could possibly use this issue to cause\na denial of service. This issue only affected Ubuntu 19.10 and Ubuntu 20.04\nLTS. (CVE-2020-11655)\n\nIt was discovered that SQLite incorrectly handled certain string\noperations. An attacker could use this issue to cause SQLite to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2020-13434)\n\nIt was discovered that SQLite incorrectly handled certain expressions. An\nattacker could use this issue to cause SQLite to crash, resulting in a\ndenial of service, or possibly execute arbitrary code. This issue only\naffected Ubuntu 19.10 and Ubuntu 20.04 LTS. (CVE-2020-13435)\n\nIt was discovered that SQLite incorrectly handled certain fts3 queries. An\nattacker could use this issue to cause SQLite to crash, resulting in a\ndenial of service, or possibly execute arbitrary code. (CVE-2020-13630)\n\nIt was discovered that SQLite incorrectly handled certain virtual table\nnames. An attacker could possibly use this issue to cause a denial of\nservice. This issue was only addressed in Ubuntu 19.10 and Ubuntu 20.04\nLTS. (CVE-2020-13631)\n\nIt was discovered that SQLite incorrectly handled certain fts3 queries. An\nattacker could use this issue to cause SQLite to crash, resulting in a\ndenial of service, or possibly execute arbitrary code. (CVE-2020-13632)\n",
"id": "USN-4394-1",
"modified": "2026-04-27T14:11:25Z",
"published": "2020-06-10T13:36:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4394-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2018-8740"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2019-19603"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2019-19645"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-11655"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-13434"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-13435"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-13630"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-13631"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-13632"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "sqlite3 vulnerabilities",
"upstream": [
"UBUNTU-CVE-2018-8740",
"UBUNTU-CVE-2019-19603",
"UBUNTU-CVE-2019-19645",
"UBUNTU-CVE-2020-11655",
"UBUNTU-CVE-2020-13434",
"UBUNTU-CVE-2020-13435",
"UBUNTU-CVE-2020-13630",
"UBUNTU-CVE-2020-13631",
"UBUNTU-CVE-2020-13632"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.