Vulnerabilities > CVE-2018-8740 - NULL Pointer Dereference vulnerability in multiple products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

sqlite

debian

CWE-476

nessus

NVD

Published: 2018-03-17

Updated: 2023-11-07

Summary

In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.

Vulnerable Configurations

Part	Description	Count
Application	Sqlite Sqlite Sqlite 1.0 Sqlite Sqlite 1.0.1 Sqlite Sqlite 1.0.3 Sqlite Sqlite 1.0.4 Sqlite Sqlite 1.0.5 Sqlite Sqlite 1.0.8 Sqlite Sqlite 1.0.9 Sqlite Sqlite 1.0.10 Sqlite Sqlite 1.0.12 Sqlite Sqlite 1.0.13 Sqlite Sqlite 1.0.14 Sqlite Sqlite 1.0.15 Sqlite Sqlite 1.0.16 Sqlite Sqlite 1.0.17 Sqlite Sqlite 1.0.18 Sqlite Sqlite 1.0.19 Sqlite Sqlite 1.0.20 Sqlite Sqlite 1.0.21 Sqlite Sqlite 1.0.22 Sqlite Sqlite 1.0.23 Sqlite Sqlite 1.0.24 Sqlite Sqlite 1.0.25 Sqlite Sqlite 1.0.26 Sqlite Sqlite 1.0.27 Sqlite Sqlite 1.0.28 Sqlite Sqlite 1.0.29 Sqlite Sqlite 1.0.30 Sqlite Sqlite 1.0.31 Sqlite Sqlite 1.0.32 Sqlite Sqlite 2.0.0 Sqlite Sqlite 2.0.1 Sqlite Sqlite 2.0.2 Sqlite Sqlite 2.0.3 Sqlite Sqlite 2.0.4 Sqlite Sqlite 2.0.5 Sqlite Sqlite 2.0.6 Sqlite Sqlite 2.0.7 Sqlite Sqlite 2.0.8 Sqlite Sqlite 2.1.0 Sqlite Sqlite 2.1.1 Sqlite Sqlite 2.1.2 Sqlite Sqlite 2.1.3 Sqlite Sqlite 2.1.4 Sqlite Sqlite 2.1.5 Sqlite Sqlite 2.1.6 Sqlite Sqlite 2.1.7 Sqlite Sqlite 2.2.0 Sqlite Sqlite 2.2.1 Sqlite Sqlite 2.2.2 Sqlite Sqlite 2.2.3 Sqlite Sqlite 2.2.4 Sqlite Sqlite 2.2.5 Sqlite Sqlite 2.3.0 Sqlite Sqlite 2.3.1 Sqlite Sqlite 2.3.2 Sqlite Sqlite 2.3.3 Sqlite Sqlite 2.4.0 Sqlite Sqlite 2.4.1 Sqlite Sqlite 2.4.2 Sqlite Sqlite 2.4.3 Sqlite Sqlite 2.4.4 Sqlite Sqlite 2.4.5 Sqlite Sqlite 2.4.6 Sqlite Sqlite 2.4.7 Sqlite Sqlite 2.4.8 Sqlite Sqlite 2.4.9 Sqlite Sqlite 2.4.10 Sqlite Sqlite 2.4.11 Sqlite Sqlite 2.4.12 Sqlite Sqlite 2.5.0 Sqlite Sqlite 2.5.1 Sqlite Sqlite 2.5.2 Sqlite Sqlite 2.5.3 Sqlite Sqlite 2.5.4 Sqlite Sqlite 2.5.5 Sqlite Sqlite 2.5.6 Sqlite Sqlite 2.6.0 Sqlite Sqlite 2.6.1 Sqlite Sqlite 2.6.2 Sqlite Sqlite 2.6.3 Sqlite Sqlite 2.7.0 Sqlite Sqlite 2.7.1 Sqlite Sqlite 2.7.2 Sqlite Sqlite 2.7.3 Sqlite Sqlite 2.7.4 Sqlite Sqlite 2.7.5 Sqlite Sqlite 2.7.6 Sqlite Sqlite 2.8.0 Sqlite Sqlite 2.8.1 Sqlite Sqlite 2.8.2 Sqlite Sqlite 2.8.3 Sqlite Sqlite 2.8.4 Sqlite Sqlite 2.8.5 Sqlite Sqlite 2.8.6 Sqlite Sqlite 2.8.7 Sqlite Sqlite 2.8.8 Sqlite Sqlite 2.8.9 Sqlite Sqlite 2.8.10 Sqlite Sqlite 2.8.11 Sqlite Sqlite 2.8.12 Sqlite Sqlite 2.8.13 Sqlite Sqlite 2.8.14 Sqlite Sqlite 2.8.15 Sqlite Sqlite 2.8.16 Sqlite Sqlite 2.8.17 Sqlite Sqlite 3.0.0 Sqlite Sqlite 3.0.1 Sqlite Sqlite 3.0.2 Sqlite Sqlite 3.0.3 Sqlite Sqlite 3.0.4 Sqlite Sqlite 3.0.5 Sqlite Sqlite 3.0.6 Sqlite Sqlite 3.0.7 Sqlite Sqlite 3.0.8 Sqlite Sqlite 3.1.0 Sqlite Sqlite 3.1.1 Sqlite Sqlite 3.1.2 Sqlite Sqlite 3.1.3 Sqlite Sqlite 3.1.3.1 Sqlite Sqlite 3.1.4 Sqlite Sqlite 3.1.5 Sqlite Sqlite 3.1.6 Sqlite Sqlite 3.2.0 Sqlite Sqlite 3.2.1 Sqlite Sqlite 3.2.2 Sqlite Sqlite 3.2.3 Sqlite Sqlite 3.2.4 Sqlite Sqlite 3.2.5 Sqlite Sqlite 3.2.6 Sqlite Sqlite 3.2.7 Sqlite Sqlite 3.2.8 Sqlite Sqlite 3.3.0 Sqlite Sqlite 3.3.1 Sqlite Sqlite 3.3.2 Sqlite Sqlite 3.3.3 Sqlite Sqlite 3.3.4 Sqlite Sqlite 3.3.5 Sqlite Sqlite 3.3.6 Sqlite Sqlite 3.3.7 Sqlite Sqlite 3.3.8 Sqlite Sqlite 3.3.9 Sqlite Sqlite 3.3.10 Sqlite Sqlite 3.3.11 Sqlite Sqlite 3.3.12 Sqlite Sqlite 3.3.13 Sqlite Sqlite 3.3.14 Sqlite Sqlite 3.3.15 Sqlite Sqlite 3.3.16 Sqlite Sqlite 3.3.17 Sqlite Sqlite 3.4.0 Sqlite Sqlite 3.4.1 Sqlite Sqlite 3.4.2 Sqlite Sqlite 3.5.0 Sqlite Sqlite 3.5.1 Sqlite Sqlite 3.5.2 Sqlite Sqlite 3.5.3 Sqlite Sqlite 3.5.4 Sqlite Sqlite 3.5.5 Sqlite Sqlite 3.5.6 Sqlite Sqlite 3.5.7 Sqlite Sqlite 3.5.8 Sqlite Sqlite 3.5.9 Sqlite Sqlite 3.6.0 Sqlite Sqlite 3.6.1 Sqlite Sqlite 3.6.2 Sqlite Sqlite 3.6.3 Sqlite Sqlite 3.6.4 Sqlite Sqlite 3.6.5 Sqlite Sqlite 3.6.6 Sqlite Sqlite 3.6.6.1 Sqlite Sqlite 3.6.6.2 Sqlite Sqlite 3.6.7 Sqlite Sqlite 3.6.8 Sqlite Sqlite 3.6.9 Sqlite Sqlite 3.6.10 Sqlite Sqlite 3.6.11 Sqlite Sqlite 3.6.12 Sqlite Sqlite 3.6.13 Sqlite Sqlite 3.6.14 Sqlite Sqlite 3.6.14.1 Sqlite Sqlite 3.6.14.2 Sqlite Sqlite 3.6.15 Sqlite Sqlite 3.6.16 Sqlite Sqlite 3.6.16.1 Sqlite Sqlite 3.6.17 Sqlite Sqlite 3.6.18 Sqlite Sqlite 3.6.19 Sqlite Sqlite 3.6.20 Sqlite Sqlite 3.6.21 Sqlite Sqlite 3.6.22 Sqlite Sqlite 3.6.23 Sqlite Sqlite 3.6.23.1 Sqlite Sqlite 3.7.0 Sqlite Sqlite 3.7.0.1 Sqlite Sqlite 3.7.1 Sqlite Sqlite 3.7.2 Sqlite Sqlite 3.7.3 Sqlite Sqlite 3.7.4 Sqlite Sqlite 3.7.5 Sqlite Sqlite 3.7.6 Sqlite Sqlite 3.7.6.1 Sqlite Sqlite 3.7.6.2 Sqlite Sqlite 3.7.6.3 Sqlite Sqlite 3.7.7 Sqlite Sqlite 3.7.7.1 Sqlite Sqlite 3.7.8 Sqlite Sqlite 3.7.9 Sqlite Sqlite 3.7.10 Sqlite Sqlite 3.7.11 Sqlite Sqlite 3.7.12 Sqlite Sqlite 3.7.12.1 Sqlite Sqlite 3.7.13 Sqlite Sqlite 3.7.14 Sqlite Sqlite 3.7.14.1 Sqlite Sqlite 3.7.15 Sqlite Sqlite 3.7.15.1 Sqlite Sqlite 3.7.15.2 Sqlite Sqlite 3.7.16 Sqlite Sqlite 3.7.16.1 Sqlite Sqlite 3.7.16.2 Sqlite Sqlite 3.7.17 Sqlite Sqlite 3.8.0 Sqlite Sqlite 3.8.0.1 Sqlite Sqlite 3.8.0.2 Sqlite Sqlite 3.8.1 Sqlite Sqlite 3.8.2 Sqlite Sqlite 3.8.3 Sqlite Sqlite 3.8.3.1 Sqlite Sqlite 3.8.4 Sqlite Sqlite 3.8.4.1 Sqlite Sqlite 3.8.4.2 Sqlite Sqlite 3.8.4.3 Sqlite Sqlite 3.8.5 Sqlite Sqlite 3.8.6 Sqlite Sqlite 3.8.6.1 Sqlite Sqlite 3.8.7 Sqlite Sqlite 3.8.7.1 Sqlite Sqlite 3.8.7.2 Sqlite Sqlite 3.8.7.3 Sqlite Sqlite 3.8.7.4 Sqlite Sqlite 3.8.8 Sqlite Sqlite 3.8.8.1 Sqlite Sqlite 3.8.8.2 Sqlite Sqlite 3.8.8.3 Sqlite Sqlite 3.8.9 Sqlite Sqlite 3.8.10 Sqlite Sqlite 3.8.10.1 Sqlite Sqlite 3.8.10.2 Sqlite Sqlite 3.8.11 Sqlite Sqlite 3.8.11.1 Sqlite Sqlite 3.9.0 Sqlite Sqlite 3.9.1 Sqlite Sqlite 3.9.2 Sqlite Sqlite 3.9.3 Sqlite Sqlite 3.10.0 Sqlite Sqlite 3.10.1 Sqlite Sqlite 3.10.2 Sqlite Sqlite 3.11.0 Sqlite Sqlite 3.11.1 Sqlite Sqlite 3.12.0 Sqlite Sqlite 3.12.1 Sqlite Sqlite 3.12.2 Sqlite Sqlite 3.13.0 Sqlite Sqlite 3.14 Sqlite Sqlite 3.14.1 Sqlite Sqlite 3.14.2 Sqlite Sqlite 3.15.0 Sqlite Sqlite 3.15.1 Sqlite Sqlite 3.15.2 Sqlite Sqlite 3.16.0 Sqlite Sqlite 3.16.1 Sqlite Sqlite 3.16.2 Sqlite Sqlite 3.17.0 Sqlite Sqlite 3.18.0 Sqlite Sqlite 3.18.1 Sqlite Sqlite 3.18.2 Sqlite Sqlite 3.19.0 Sqlite Sqlite 3.19.1 Sqlite Sqlite 3.19.2 Sqlite Sqlite 3.19.3 Sqlite Sqlite 3.20.0 Sqlite Sqlite 3.20.1 Sqlite Sqlite 3.21.0 Sqlite Sqlite 3.22.0	284
OS	Debian Debian Debian Linux 8.0	1

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

Nessus

NASL family	PhotonOS Local Security Checks
NASL id	PHOTONOS_PHSA-2018-2_0-0037.NASL
description	An update of {'mercurial', 'python2', 'zsh', 'pycrypto', 'patch', 'binutils', 'paramiko', 'httpd', 'mysql', 'xerces-c', 'util-linux', 'net-snmp', 'python3', 'sqlite'} packages of Photon OS has been released.
last seen	2019-02-21
modified	2019-02-07
plugin id	111297
published	2018-07-24
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=111297
title	Photon OS 2.0 : Zsh / Python3 / Xerces / Mercurial / Pmd / Pycrypto / Net / Python2 / Util / Mysql / Paramiko / Binutils / Patch / Sqlite (PhotonOS-PHSA-2018-2.0-0037) (deprecated)
code	# # (C) Tenable Network Security, Inc. # # @DEPRECATED@ # # Disabled on 2/7/2019 # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2018-2.0-0037. The text # itself is copyright (C) VMware, Inc. include("compat.inc"); if (description) { script_id(111297); script_version("1.3"); script_cvs_date("Date: 2019/04/05 23:25:07"); script_cve_id( "CVE-2017-12627", "CVE-2017-18207", "CVE-2018-1303", "CVE-2018-2573", "CVE-2018-2583", "CVE-2018-2612", "CVE-2018-2622", "CVE-2018-2640", "CVE-2018-2665", "CVE-2018-2668", "CVE-2018-2703", "CVE-2018-6594", "CVE-2018-6951", "CVE-2018-7208", "CVE-2018-7549", "CVE-2018-7643", "CVE-2018-7738", "CVE-2018-7750", "CVE-2018-8740", "CVE-2018-1000030", "CVE-2018-1000116", "CVE-2018-1000117", "CVE-2018-1000132" ); script_bugtraq_id( 102678, 102681, 102682, 102704, 102706, 102708, 102709, 102710, 103044, 103077, 103219, 103264, 103367, 103466, 103522, 103713, 104527 ); script_name(english:"Photon OS 2.0 : Zsh / Python3 / Xerces / Mercurial / Pmd / Pycrypto / Net / Python2 / Util / Mysql / Paramiko / Binutils / Patch / Sqlite (PhotonOS-PHSA-2018-2.0-0037) (deprecated)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "This plugin has been deprecated."); script_set_attribute(attribute:"description", value: "An update of {'mercurial', 'python2', 'zsh', 'pycrypto', 'patch', 'binutils', 'paramiko', 'httpd', 'mysql', 'xerces-c', 'util-linux', 'net-snmp', 'python3', 'sqlite'} packages of Photon OS has been released."); # https://github.com/vmware/photon/wiki/Security-Updates-2-37 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5a24de30"); script_set_attribute(attribute:"solution", value:"n/a."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-12627"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"patch_publication_date", value:"2018/04/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/07/24"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:zsh"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:python3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:xerces"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:mercurial"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:pmd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:pycrypto"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:net"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:python2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:util"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:paramiko"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:binutils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:patch"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:sqlite"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } exit(0, "This plugin has been deprecated."); include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) \|\| release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux\|OS) 2\.0(\D\|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; pkgs = [ "binutils-2.30-4.ph2", "binutils-debuginfo-2.30-4.ph2", "binutils-devel-2.30-4.ph2", "mercurial-4.5.3-1.ph2", "mercurial-debuginfo-4.5.3-1.ph2", "mysql-5.7.21-1.ph2", "mysql-debuginfo-5.7.21-1.ph2", "mysql-devel-5.7.21-1.ph2", "net-snmp-5.7.3-8.ph2", "net-snmp-debuginfo-5.7.3-8.ph2", "net-snmp-devel-5.7.3-8.ph2", "paramiko-2.1.5-1.ph2", "patch-2.7.5-5.ph2", "patch-debuginfo-2.7.5-5.ph2", "pmd-python2-0.0.5-5.ph2", "pmd-python3-0.0.5-5.ph2", "pycrypto-2.6.1-4.ph2", "pycrypto-debuginfo-2.6.1-4.ph2", "python2-2.7.13-12.ph2", "python2-debuginfo-2.7.13-12.ph2", "python2-devel-2.7.13-12.ph2", "python2-libs-2.7.13-12.ph2", "python2-test-2.7.13-12.ph2", "python2-tools-2.7.13-12.ph2", "python3-3.6.5-1.ph2", "python3-curses-3.6.5-1.ph2", "python3-debuginfo-3.6.5-1.ph2", "python3-devel-3.6.5-1.ph2", "python3-libs-3.6.5-1.ph2", "python3-paramiko-2.1.5-1.ph2", "python3-paramiko-2.1.5-1.ph2", "python3-pip-3.6.5-1.ph2", "python3-pycrypto-2.6.1-4.ph2", "python3-pycrypto-2.6.1-4.ph2", "python3-setuptools-3.6.5-1.ph2", "python3-test-3.6.5-1.ph2", "python3-tools-3.6.5-1.ph2", "python3-xml-3.6.5-1.ph2", "sqlite-3.22.0-2.ph2", "sqlite-debuginfo-3.22.0-2.ph2", "sqlite-devel-3.22.0-2.ph2", "sqlite-libs-3.22.0-2.ph2", "util-linux-2.32-1.ph2", "util-linux-debuginfo-2.32-1.ph2", "util-linux-devel-2.32-1.ph2", "util-linux-lang-2.32-1.ph2", "util-linux-libs-2.32-1.ph2", "xerces-c-3.2.1-1.ph2", "xerces-c-debuginfo-3.2.1-1.ph2", "xerces-c-devel-3.2.1-1.ph2", "zsh-5.3.1-6.ph2", "zsh-debuginfo-5.3.1-6.ph2", "zsh-html-5.3.1-6.ph2" ]; foreach (pkg in pkgs) if (rpm_check(release:"PhotonOS-2.0", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "zsh / python3 / xerces / mercurial / pmd / pycrypto / net / python2 / util / mysql / paramiko / binutils / patch / sqlite"); }

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2019-1522-1.NASL
description	This update for sqlite3 fixes the following issues : Security issue fixed : CVE-2019-8457: Fixed a Heap out-of-bound read in rtreenode() when handling invalid rtree tables (bsc#1136976). CVE-2018-8740: Fixed a NULL pointer dereference related to corrupted databases schemas (bsc#1085790). CVE-2017-10989: Fixed a heap-based buffer over-read in getNodeSize() (bsc#1132045). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	125986
published	2019-06-18
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/125986
title	SUSE SLES12 Security Update : sqlite3 (SUSE-SU-2019:1522-1)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2019:1522-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(125986); script_version("1.3"); script_cvs_date("Date: 2020/01/10"); script_cve_id("CVE-2017-10989", "CVE-2018-8740", "CVE-2019-8457"); script_name(english:"SUSE SLES12 Security Update : sqlite3 (SUSE-SU-2019:1522-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for sqlite3 fixes the following issues : Security issue fixed : CVE-2019-8457: Fixed a Heap out-of-bound read in rtreenode() when handling invalid rtree tables (bsc#1136976). CVE-2018-8740: Fixed a NULL pointer dereference related to corrupted databases schemas (bsc#1085790). CVE-2017-10989: Fixed a heap-based buffer over-read in getNodeSize() (bsc#1132045). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1085790" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1132045" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136976" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-10989/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-8740/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-8457/" ); # https://www.suse.com/support/update/announcement/2019/suse-su-20191522-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?e727aefe" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Server 12-LTSS:zypper in -t patch SUSE-SLE-SERVER-12-2019-1522=1" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsqlite3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsqlite3-0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsqlite3-0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:sqlite3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:sqlite3-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:sqlite3-debugsource"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/07/07"); script_set_attribute(attribute:"patch_publication_date", value:"2019/06/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/18"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release !~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S\|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"0", reference:"libsqlite3-0-3.8.3.1-2.12.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libsqlite3-0-debuginfo-3.8.3.1-2.12.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"sqlite3-3.8.3.1-2.12.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"sqlite3-debuginfo-3.8.3.1-2.12.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"sqlite3-debugsource-3.8.3.1-2.12.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libsqlite3-0-32bit-3.8.3.1-2.12.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libsqlite3-0-debuginfo-32bit-3.8.3.1-2.12.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sqlite3"); }

NASL family	PhotonOS Local Security Checks
NASL id	PHOTONOS_PHSA-2018-1_0-0126_SQLITE.NASL
description	An update of the sqlite package has been released.
last seen	2020-03-17
modified	2019-02-07
plugin id	121829
published	2019-02-07
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/121829
title	Photon OS 1.0: Sqlite PHSA-2018-1.0-0126
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2018-1.0-0126. The text # itself is copyright (C) VMware, Inc. include('compat.inc'); if (description) { script_id(121829); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2019/02/07"); script_cve_id("CVE-2018-8740"); script_name(english:"Photon OS 1.0: Sqlite PHSA-2018-1.0-0126"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote PhotonOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "An update of the sqlite package has been released."); script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-1.0-126.md"); script_set_attribute(attribute:"solution", value: "Update the affected Linux packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-12627"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/04/24"); script_set_attribute(attribute:"patch_publication_date", value:"2018/04/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/07"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:sqlite"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) \|\| release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux\|OS) 1\.0(\D\|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; if (rpm_check(release:"PhotonOS-1.0", reference:"sqlite-autoconf-3.22.0-2.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"sqlite-autoconf-debuginfo-3.22.0-2.ph1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sqlite"); }

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2018-1138.NASL
description	According to the version of the memcached package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.(CVE-2018-8740) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-05-06
modified	2018-05-29
plugin id	110142
published	2018-05-29
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/110142
title	EulerOS 2.0 SP1 : memcached (EulerOS-SA-2018-1138)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(110142); script_version("1.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04"); script_cve_id( "CVE-2018-1000127" ); script_name(english:"EulerOS 2.0 SP1 : memcached (EulerOS-SA-2018-1138)"); script_summary(english:"Checks the rpm output for the updated package."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS host is missing a security update."); script_set_attribute(attribute:"description", value: "According to the version of the memcached package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.(CVE-2018-8740) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1138 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a1b1551e"); script_set_attribute(attribute:"solution", value: "Update the affected memcached package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_attribute(attribute:"patch_publication_date", value:"2018/05/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/05/29"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:memcached"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp"); script_exclude_keys("Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) \|\| release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); if (release !~ "^EulerOS release 2\.0(\D\|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0"); sp = get_kb_item("Host/EulerOS/sp"); if (isnull(sp) \|\| sp !~ "^(1)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1", "EulerOS UVP " + uvp); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu); flag = 0; pkgs = ["memcached-1.4.15-9.h2"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", sp:"1", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "memcached"); }

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2019-1426.NASL
description	This update for sqlite3 fixes the following issues : Security issue fixed : - CVE-2018-8740: Fixed a NULL pointer dereference related to corrupted databases schemas (bsc#1085790). - CVE-2017-10989: Fixed a heap-based buffer over-read in getNodeSize() (bsc#1132045). This update was imported from the SUSE:SLE-12-SP1:Update update project.
last seen	2020-06-01
modified	2020-06-02
plugin id	125325
published	2019-05-22
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/125325
title	openSUSE Security Update : sqlite3 (openSUSE-2019-1426)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2019-1426. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(125325); script_version("1.2"); script_cvs_date("Date: 2020/01/15"); script_cve_id("CVE-2017-10989", "CVE-2018-8740"); script_name(english:"openSUSE Security Update : sqlite3 (openSUSE-2019-1426)"); script_summary(english:"Check for the openSUSE-2019-1426 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for sqlite3 fixes the following issues : Security issue fixed : - CVE-2018-8740: Fixed a NULL pointer dereference related to corrupted databases schemas (bsc#1085790). - CVE-2017-10989: Fixed a heap-based buffer over-read in getNodeSize() (bsc#1132045). This update was imported from the SUSE:SLE-12-SP1:Update update project." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1085790" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132045" ); script_set_attribute( attribute:"solution", value:"Update the affected sqlite3 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsqlite3-0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsqlite3-0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsqlite3-0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsqlite3-0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:sqlite3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:sqlite3-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:sqlite3-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:sqlite3-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/07/07"); script_set_attribute(attribute:"patch_publication_date", value:"2019/05/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/22"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586\|i686\|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE42.3", reference:"libsqlite3-0-3.8.10.2-11.7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libsqlite3-0-debuginfo-3.8.10.2-11.7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"sqlite3-3.8.10.2-11.7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"sqlite3-debuginfo-3.8.10.2-11.7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"sqlite3-debugsource-3.8.10.2-11.7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"sqlite3-devel-3.8.10.2-11.7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsqlite3-0-32bit-3.8.10.2-11.7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsqlite3-0-debuginfo-32bit-3.8.10.2-11.7.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libsqlite3-0 / libsqlite3-0-32bit / libsqlite3-0-debuginfo / etc"); }

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2018-AACE372C3F.NASL
description	Security fix for CVE-2018-8740 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2018-03-28
plugin id	108671
published	2018-03-28
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/108671
title	Fedora 26 : sqlite (2018-aace372c3f)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2018-aace372c3f. # include("compat.inc"); if (description) { script_id(108671); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2018-8740"); script_xref(name:"FEDORA", value:"2018-aace372c3f"); script_name(english:"Fedora 26 : sqlite (2018-aace372c3f)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Security fix for CVE-2018-8740 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-aace372c3f" ); script_set_attribute( attribute:"solution", value:"Update the affected sqlite package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:sqlite"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:26"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/17"); script_set_attribute(attribute:"patch_publication_date", value:"2018/03/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/28"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^26([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 26", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC26", reference:"sqlite-3.20.1-2.fc26")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sqlite"); }

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2018-1136.NASL
description	According to the version of the sqlite packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.(CVE-2018-8740) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-05-06
modified	2018-05-29
plugin id	110140
published	2018-05-29
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/110140
title	EulerOS 2.0 SP1 : sqlite (EulerOS-SA-2018-1136)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(110140); script_version("1.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04"); script_cve_id( "CVE-2018-8740" ); script_name(english:"EulerOS 2.0 SP1 : sqlite (EulerOS-SA-2018-1136)"); script_summary(english:"Checks the rpm output for the updated package."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS host is missing a security update."); script_set_attribute(attribute:"description", value: "According to the version of the sqlite packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.(CVE-2018-8740) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1136 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a1befef7"); script_set_attribute(attribute:"solution", value: "Update the affected sqlite package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_attribute(attribute:"patch_publication_date", value:"2018/05/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/05/29"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sqlite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sqlite-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp"); script_exclude_keys("Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) \|\| release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); if (release !~ "^EulerOS release 2\.0(\D\|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0"); sp = get_kb_item("Host/EulerOS/sp"); if (isnull(sp) \|\| sp !~ "^(1)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1", "EulerOS UVP " + uvp); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu); flag = 0; pkgs = ["sqlite-3.7.17-6.1.h1", "sqlite-devel-3.7.17-6.1.h1"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", sp:"1", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sqlite"); }

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2018-BB66329DEE.NASL
description	Security fix for CVE-2018-8740 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2019-01-03
plugin id	120739
published	2019-01-03
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/120739
title	Fedora 28 : sqlite (2018-bb66329dee)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2018-bb66329dee. # include("compat.inc"); if (description) { script_id(120739); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2018-8740"); script_xref(name:"FEDORA", value:"2018-bb66329dee"); script_name(english:"Fedora 28 : sqlite (2018-bb66329dee)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Security fix for CVE-2018-8740 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-bb66329dee" ); script_set_attribute( attribute:"solution", value:"Update the affected sqlite package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:sqlite"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:28"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/17"); script_set_attribute(attribute:"patch_publication_date", value:"2018/04/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/03"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^28([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 28", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC28", reference:"sqlite-3.22.0-4.fc28")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sqlite"); }

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2019-1208-1.NASL
description	This update for sqlite3 fixes the following issues : Security issue fixed : CVE-2018-8740: Fixed a NULL pointer dereference related to corrupted databases schemas (bsc#1085790). CVE-2017-10989: Fixed a heap-based buffer over-read in getNodeSize() (bsc#1132045). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	124856
published	2019-05-13
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/124856
title	SUSE SLED12 / SLES12 Security Update : sqlite3 (SUSE-SU-2019:1208-1)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2019:1208-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(124856); script_version("1.3"); script_cvs_date("Date: 2020/01/17"); script_cve_id("CVE-2017-10989", "CVE-2018-8740"); script_name(english:"SUSE SLED12 / SLES12 Security Update : sqlite3 (SUSE-SU-2019:1208-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for sqlite3 fixes the following issues : Security issue fixed : CVE-2018-8740: Fixed a NULL pointer dereference related to corrupted databases schemas (bsc#1085790). CVE-2017-10989: Fixed a heap-based buffer over-read in getNodeSize() (bsc#1132045). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1085790" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1132045" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-10989/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-8740/" ); # https://www.suse.com/support/update/announcement/2019/suse-su-20191208-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?f79ab67b" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1208=1 SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1208=1 SUSE Linux Enterprise Server 12-SP4:zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1208=1 SUSE Linux Enterprise Server 12-SP3:zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1208=1 SUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1208=1 SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1208=1 SUSE CaaS Platform ALL : To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. SUSE CaaS Platform 3.0 : To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. OpenStack Cloud Magnum Orchestration 7:zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-1208=1" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsqlite3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsqlite3-0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsqlite3-0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:sqlite3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:sqlite3-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:sqlite3-debugsource"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/07/07"); script_set_attribute(attribute:"patch_publication_date", value:"2019/05/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/13"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release !~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S\|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED12\|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(3\|4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP3/4", os_ver + " SP" + sp); if (os_ver == "SLED12" && (! preg(pattern:"^(3\|4)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP3/4", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"4", reference:"libsqlite3-0-3.8.10.2-9.6.1")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"libsqlite3-0-debuginfo-3.8.10.2-9.6.1")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"sqlite3-3.8.10.2-9.6.1")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"sqlite3-debuginfo-3.8.10.2-9.6.1")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"sqlite3-debugsource-3.8.10.2-9.6.1")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"libsqlite3-0-32bit-3.8.10.2-9.6.1")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"libsqlite3-0-debuginfo-32bit-3.8.10.2-9.6.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libsqlite3-0-3.8.10.2-9.6.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libsqlite3-0-debuginfo-3.8.10.2-9.6.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"sqlite3-3.8.10.2-9.6.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"sqlite3-debuginfo-3.8.10.2-9.6.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"sqlite3-debugsource-3.8.10.2-9.6.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libsqlite3-0-32bit-3.8.10.2-9.6.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libsqlite3-0-debuginfo-32bit-3.8.10.2-9.6.1")) flag++; if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"libsqlite3-0-3.8.10.2-9.6.1")) flag++; if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"libsqlite3-0-32bit-3.8.10.2-9.6.1")) flag++; if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"libsqlite3-0-debuginfo-3.8.10.2-9.6.1")) flag++; if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"libsqlite3-0-debuginfo-32bit-3.8.10.2-9.6.1")) flag++; if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"sqlite3-3.8.10.2-9.6.1")) flag++; if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"sqlite3-debuginfo-3.8.10.2-9.6.1")) flag++; if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"sqlite3-debugsource-3.8.10.2-9.6.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsqlite3-0-3.8.10.2-9.6.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsqlite3-0-32bit-3.8.10.2-9.6.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsqlite3-0-debuginfo-3.8.10.2-9.6.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsqlite3-0-debuginfo-32bit-3.8.10.2-9.6.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"sqlite3-3.8.10.2-9.6.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"sqlite3-debuginfo-3.8.10.2-9.6.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"sqlite3-debugsource-3.8.10.2-9.6.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sqlite3"); }

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-4394-1.NASL
description	It was discovered that SQLite incorrectly handled certain corruped schemas. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-8740) It was discovered that SQLite incorrectly handled certain SELECT statements. An attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 19.10. (CVE-2019-19603) It was discovered that SQLite incorrectly handled certain self-referential views. An attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 19.10. (CVE-2019-19645) Henry Liu discovered that SQLite incorrectly handled certain malformed window-function queries. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 19.10 and Ubuntu 20.04 LTS. (CVE-2020-11655) It was discovered that SQLite incorrectly handled certain string operations. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-13434) It was discovered that SQLite incorrectly handled certain expressions. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.10 and Ubuntu 20.04 LTS. (CVE-2020-13435) It was discovered that SQLite incorrectly handled certain fts3 queries. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-13630) It was discovered that SQLite incorrectly handled certain virtual table names. An attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 19.10 and Ubuntu 20.04 LTS. (CVE-2020-13631) It was discovered that SQLite incorrectly handled certain fts3 queries. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-13632). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-12
modified	2020-06-11
plugin id	137353
published	2020-06-11
reporter	Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/137353
title	Ubuntu 16.04 LTS / 18.04 LTS / 19.10 / 20.04 : sqlite3 vulnerabilities (USN-4394-1)

NASL family	PhotonOS Local Security Checks
NASL id	PHOTONOS_PHSA-2018-1_0-0126.NASL
description	An update of 'paramiko', 'mysql', 'mercurial', 'binutils', 'pycrypto', 'patch', 'sqlite-autoconf', 'httpd', 'python3', 'xerces-c', 'strongswan', 'net-snmp' packages of Photon OS has been released.
last seen	2019-02-21
modified	2019-02-07
plugin id	111930
published	2018-08-17
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=111930
title	Photon OS 1.0: Binutils / Httpd / Mercurial / Mysql / Net / Paramiko / Patch / Pycrypto / Python3 / Sqlite / Strongswan / Xerces PHSA-2018-1.0-0126 (deprecated)

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_C1630AA3797011E88634DCFE074BD614.NASL
description	MITRE reports : SQLite databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.
last seen	2020-06-01
modified	2020-06-02
plugin id	111091
published	2018-07-16
reporter	This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/111091
title	FreeBSD : SQLite -- Corrupt DB can cause a NULL pointer dereference (c1630aa3-7970-11e8-8634-dcfe074bd614)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2019-1425.NASL
description	According to the versions of the sqlite packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - It was found that SQLite
last seen	2020-06-01
modified	2020-06-02
plugin id	124928
published	2019-05-14
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/124928
title	EulerOS Virtualization 3.0.1.0 : sqlite (EulerOS-SA-2019-1425)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2018-1180.NASL
description	According to the version of the sqlite packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.(CVE-2018-8740) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-05-06
modified	2018-07-03
plugin id	110844
published	2018-07-03
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/110844
title	EulerOS 2.0 SP3 : sqlite (EulerOS-SA-2018-1180)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2018-07E15AD5A5.NASL
description	Security fix for CVE-2018-8740 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2018-03-28
plugin id	108665
published	2018-03-28
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/108665
title	Fedora 27 : sqlite (2018-07e15ad5a5)

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_6D52BDA12E5411E8A68F485B3931C969.NASL
description	MITRE reports : SQLite databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.
last seen	2020-06-01
modified	2020-06-02
plugin id	108574
published	2018-03-23
reporter	This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/108574
title	FreeBSD : SQLite -- Corrupt DB can cause a NULL pointer dereference (6d52bda1-2e54-11e8-a68f-485b3931c969)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2018-1341.NASL
description	According to the version of the sqlite package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.(CVE-2018-8740) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	118429
published	2018-10-26
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/118429
title	EulerOS Virtualization 2.5.0 : sqlite (EulerOS-SA-2018-1341)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2018-1137.NASL
description	According to the version of the sqlite packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.(CVE-2018-8740) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-05-06
modified	2018-05-29
plugin id	110141
published	2018-05-29
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/110141
title	EulerOS 2.0 SP2 : sqlite (EulerOS-SA-2018-1137)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-4205-1.NASL
description	It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM. (CVE-2018-8740) It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-16168) It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to mishandles some expressions. This issue only affected Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-19242) It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-19244) It was discovered that SQLite incorrectly handled certain SQL commands. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 19.04. (CVE-2019-5018) It was discovered that SQLite incorrectly handled certain commands. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-5827). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	131561
published	2019-12-03
reporter	Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/131561
title	Ubuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : sqlite3 vulnerabilities (USN-4205-1)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DLA-1633.NASL
description	Several flaws were corrected in SQLite, a SQL database engine. CVE-2017-2518 A use-after-free bug in the query optimizer may cause a buffer overflow and application crash via a crafted SQL statement. CVE-2017-2519 Insufficient size of the reference count on Table objects could lead to a denial of service or arbitrary code execution. CVE-2017-2520 The sqlite3_value_text() interface returned a buffer that was not large enough to hold the complete string plus zero terminator when the input was a zeroblob. This could lead to arbitrary code execution or a denial of service. CVE-2017-10989 SQLite mishandles undersized RTree blobs in a crafted database leading to a heap-based buffer over-read or possibly unspecified other impact. CVE-2018-8740 Databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference. For Debian 8
last seen	2020-03-17
modified	2019-01-14
plugin id	121133
published	2019-01-14
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/121133
title	Debian DLA-1633-1 : sqlite3 security update

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References