Vulnerabilities > CVE-2019-5827 - Integer Overflow or Wraparound vulnerability in multiple products

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
google
opensuse
fedoraproject
debian
canonical
CWE-190
nessus
NVD
Published: 2019-06-27
Updated: 2023-11-07

Summary

Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Vulnerable Configurations

Part Description Count
Application
Google
4540
OS
Opensuse
4
OS
Fedoraproject
2
OS
Debian
2
OS
Canonical
5

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-8641591B3C.NASL
    descriptionSecurity fix for CVE-2019-5827, CVE-2019-9937, CVE-2019-9936 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id125274
    published2019-05-20
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125274
    titleFedora 30 : sqlite (2019-8641591b3c)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory FEDORA-2019-8641591b3c.
#

include("compat.inc");

if (description)
{
  script_id(125274);
  script_version("1.4");
  script_cvs_date("Date: 2020/01/15");

  script_cve_id("CVE-2019-5827", "CVE-2019-9936", "CVE-2019-9937");
  script_xref(name:"FEDORA", value:"2019-8641591b3c");

  script_name(english:"Fedora 30 : sqlite (2019-8641591b3c)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Security fix for CVE-2019-5827, CVE-2019-9937, CVE-2019-9936

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-8641591b3c"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected sqlite package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:sqlite");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:30");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/22");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/05/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/20");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^30([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 30", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);


flag = 0;
if (rpm_check(release:"FC30", reference:"sqlite-3.26.0-5.fc30")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sqlite");
}
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4500.NASL
    descriptionSeveral vulnerabilities have been discovered in the chromium web browser. - CVE-2019-5805 A use-after-free issue was discovered in the pdfium library. - CVE-2019-5806 Wen Xu discovered an integer overflow issue in the Angle library. - CVE-2019-5807 TimGMichaud discovered a memory corruption issue in the v8 JavaScript library. - CVE-2019-5808 cloudfuzzer discovered a use-after-free issue in Blink/Webkit. - CVE-2019-5809 Mark Brand discovered a use-after-free issue in Blink/Webkit. - CVE-2019-5810 Mark Amery discovered an information disclosure issue. - CVE-2019-5811 Jun Kokatsu discovered a way to bypass the Cross-Origin Resource Sharing feature. - CVE-2019-5813 Aleksandar Nikolic discovered an out-of-bounds read issue in the v8 JavaScript library. - CVE-2019-5814 @AaylaSecura1138 discovered a way to bypass the Cross-Origin Resource Sharing feature. - CVE-2019-5815 Nicolas Gregoire discovered a buffer overflow issue in Blink/Webkit. - CVE-2019-5818 Adrian Tolbaru discovered an uninitialized value issue. - CVE-2019-5819 Svyat Mitin discovered an error in the developer tools. - CVE-2019-5820 pdknsk discovered an integer overflow issue in the pdfium library. - CVE-2019-5821 pdknsk discovered another integer overflow issue in the pdfium library. - CVE-2019-5822 Jun Kokatsu discovered a way to bypass the Cross-Origin Resource Sharing feature. - CVE-2019-5823 David Erceg discovered a navigation error. - CVE-2019-5824 leecraso and Guang Gong discovered an error in the media player. - CVE-2019-5825 Genming Liu, Jianyu Chen, Zhen Feng, and Jessica Liu discovered an out-of-bounds write issue in the v8 JavaScript library. - CVE-2019-5826 Genming Liu, Jianyu Chen, Zhen Feng, and Jessica Liu discovered a use-after-free issue. - CVE-2019-5827 mlfbrown discovered an out-of-bounds read issue in the sqlite library. - CVE-2019-5828 leecraso and Guang Gong discovered a use-after-free issue. - CVE-2019-5829 Lucas Pinheiro discovered a use-after-free issue. - CVE-2019-5830 Andrew Krashichkov discovered a credential error in the Cross-Origin Resource Sharing feature. - CVE-2019-5831 yngwei discovered a map error in the v8 JavaScript library. - CVE-2019-5832 Sergey Shekyan discovered an error in the Cross-Origin Resource Sharing feature. - CVE-2019-5833 Khalil Zhani discovered a user interface error. - CVE-2019-5834 Khalil Zhani discovered a URL spoofing issue. - CVE-2019-5836 Omair discovered a buffer overflow issue in the Angle library. - CVE-2019-5837 Adam Iawniuk discovered an information disclosure issue. - CVE-2019-5838 David Erceg discovered an error in extension permissions. - CVE-2019-5839 Masato Kinugawa discovered implementation errors in Blink/Webkit. - CVE-2019-5840 Eliya Stein and Jerome Dangu discovered a way to bypass the popup blocker. - CVE-2019-5842 BUGFENSE discovered a use-after-free issue in Blink/Webkit. - CVE-2019-5847 m3plex discovered an error in the v8 JavaScript library. - CVE-2019-5848 Mark Amery discovered an information disclosure issue. - CVE-2019-5849 Zhen Zhou discovered an out-of-bounds read in the Skia library. - CVE-2019-5850 Brendon Tiszka discovered a use-after-free issue in the offline page fetcher. - CVE-2019-5851 Zhe Jin discovered a use-after-poison issue. - CVE-2019-5852 David Erceg discovered an information disclosure issue. - CVE-2019-5853 Yngwei and sakura discovered a memory corruption issue. - CVE-2019-5854 Zhen Zhou discovered an integer overflow issue in the pdfium library. - CVE-2019-5855 Zhen Zhou discovered an integer overflow issue in the pdfium library. - CVE-2019-5856 Yongke Wang discovered an error related to filesystem: URI permissions. - CVE-2019-5857 cloudfuzzer discovered a way to crash chromium. - CVE-2019-5858 evil1m0 discovered an information disclosure issue. - CVE-2019-5859 James Lee discovered a way to launch alternative browsers. - CVE-2019-5860 A use-after-free issue was discovered in the v8 JavaScript library. - CVE-2019-5861 Robin Linus discovered an error determining click location. - CVE-2019-5862 Jun Kokatsu discovered an error in the AppCache implementation. - CVE-2019-5864 Devin Grindle discovered an error in the Cross-Origin Resourse Sharing feature for extensions. - CVE-2019-5865 Ivan Fratric discovered a way to bypass the site isolation feature. - CVE-2019-5867 Lucas Pinheiro discovered an out-of-bounds read issue in the v8 JavaScript library. - CVE-2019-5868 banananapenguin discovered a use-after-free issue in the v8 JavaScript library.
    last seen2020-03-17
    modified2019-08-14
    plugin id127868
    published2019-08-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127868
    titleDebian DSA-4500-1 : chromium - security update
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-A1AF621FAF.NASL
    descriptionFix itinerant crashes. ---- Update to Chromium 75.0.3770.100. The usual pile of bugs and CVE fixes. vaapi support disabled, just too broken. :( Fixes CVE-2019-5805 CVE-2019-5806 CVE-2019-5807 CVE-2019-5808 CVE-2019-5809 CVE-2019-5810 CVE-2019-5811 CVE-2019-5813 CVE-2019-5814 CVE-2019-5815 CVE-2019-5818 CVE-2019-5819 CVE-2019-5820 CVE-2019-5821 CVE-2019-5822 CVE-2019-5824 CVE-2019-5825 CVE-2019-5826 CVE-2019-5827 CVE-2019-5828 CVE-2019-5829 CVE-2019-5830 CVE-2019-5831 CVE-2019-5832 CVE-2019-5833 CVE-2019-5834 CVE-2019-5835 CVE-2019-5836 CVE-2019-5837 CVE-2019-5838 CVE-2019-5839 CVE-2019-5840 CVE-2019-5842 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2019-07-25
    plugin id126995
    published2019-07-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126995
    titleFedora 29 : chromium (2019-a1af621faf)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_GOOGLE_CHROME_74_0_3729_131.NASL
    descriptionThe version of Google Chrome installed on the remote macOS host is prior to 74.0.3729.131. It is, therefore, affected by multiple vulnerabilities as referenced in the 2019_04_stable-channel-update- for-desktop_30 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-03-18
    modified2019-05-02
    plugin id124459
    published2019-05-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124459
    titleGoogle Chrome < 74.0.3729.131 Multiple Vulnerabilities
  • NASL familyWindows
    NASL idGOOGLE_CHROME_74_0_3729_131.NASL
    descriptionThe version of Google Chrome installed on the remote Windows host is prior to 74.0.3729.131. It is, therefore, affected by multiple vulnerabilities as referenced in the 2019_04_stable-channel-update- for-desktop_30 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-03-18
    modified2019-05-02
    plugin id124460
    published2019-05-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124460
    titleGoogle Chrome < 74.0.3729.131 Multiple Vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-1243.NASL
    descriptionAn update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Chromium is an open source web browser, powered by WebKit (Blink). This update upgrades Chromium to version 74.0.3729.131. Security Fix(es) : * chromium-browser: out-of-bounds access in SQLite (CVE-2019-5827) * chromium-browser: parameter passing error in media player leading to unauthorized access (CVE-2019-5824) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-05-31
    modified2019-05-17
    plugin id125240
    published2019-05-17
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125240
    titleRHEL 6 : chromium-browser (RHSA-2019:1243)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1456.NASL
    descriptionThis update for chromium fixes the following issues : Chromium was updated to 74.0.3729.157 : - Various security fixes from internal audits, fuzzing and other initiatives Includes security fixes from 74.0.3729.131 (boo#1134218) : - CVE-2019-5827: Out-of-bounds access in SQLite - CVE-2019-5824: Parameter passing error in media player
    last seen2020-05-31
    modified2019-05-28
    plugin id125456
    published2019-05-28
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125456
    titleopenSUSE Security Update : chromium (openSUSE-2019-1456)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-A01751837D.NASL
    descriptionSecurity fix for CVE-2019-5827, CVE-2019-9937, CVE-2019-9936 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id125685
    published2019-06-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125685
    titleFedora 29 : sqlite (2019-a01751837d)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1666.NASL
    descriptionThis update for chromium fixes the following issues : Chromium was updated to 75.0.3770.90 (boo#1137332 boo#1138287) : - CVE-2019-5842: Use-after-free in Blink. Also updated to 75.0.3770.80 boo#1137332 : - CVE-2019-5828: Use after free in ServiceWorker - CVE-2019-5829: Use after free in Download Manager - CVE-2019-5830: Incorrectly credentialed requests in CORS - CVE-2019-5831: Incorrect map processing in V8 - CVE-2019-5832: Incorrect CORS handling in XHR - CVE-2019-5833: Inconsistent security UI placemen - CVE-2019-5835: Out of bounds read in Swiftshader - CVE-2019-5836: Heap buffer overflow in Angle - CVE-2019-5837: Cross-origin resources size disclosure in Appcache - CVE-2019-5838: Overly permissive tab access in Extensions - CVE-2019-5839: Incorrect handling of certain code points in Blink - CVE-2019-5840: Popup blocker bypass - Various fixes from internal audits, fuzzing and other initiatives - CVE-2019-5834: URL spoof in Omnibox on iOS Update to 74.0.3729.169 : - Feature fixes update only Update to 74.0.3729.157 : - Various security fixes from internal audits, fuzzing and other initiatives Includes security fixes from 74.0.3729.131 (boo#1134218) : - CVE-2019-5827: Out-of-bounds access in SQLite - CVE-2019-5824: Parameter passing error in media player Update to 74.0.3729.108 boo#1133313 : - CVE-2019-5805: Use after free in PDFium - CVE-2019-5806: Integer overflow in Angle - CVE-2019-5807: Memory corruption in V8 - CVE-2019-5808: Use after free in Blink - CVE-2019-5809: Use after free in Blink - CVE-2019-5810: User information disclosure in Autofill - CVE-2019-5811: CORS bypass in Blink - CVE-2019-5813: Out of bounds read in V8 - CVE-2019-5814: CORS bypass in Blink - CVE-2019-5815: Heap buffer overflow in Blink - CVE-2019-5818: Uninitialized value in media reader - CVE-2019-5819: Incorrect escaping in developer tools - CVE-2019-5820: Integer overflow in PDFium - CVE-2019-5821: Integer overflow in PDFium - CVE-2019-5822: CORS bypass in download manager - CVE-2019-5823: Forced navigation from service worker - CVE-2019-5812: URL spoof in Omnibox on iOS - CVE-2019-5816: Exploit persistence extension on Android - CVE-2019-5817: Heap buffer overflow in Angle on Windows Update to 73.0.3686.103 : - Various feature fixes Update to 73.0.3683.86 : - Just feature fixes around - Update conditions to use system harfbuzz on TW+ - Require java during build - Enable using pipewire when available - Rebase chromium-vaapi.patch to match up the Fedora one Update to 73.0.3683.75 boo#1129059 : - CVE-2019-5787: Use after free in Canvas. - CVE-2019-5788: Use after free in FileAPI. - CVE-2019-5789: Use after free in WebMIDI. - CVE-2019-5790: Heap buffer overflow in V8. - CVE-2019-5791: Type confusion in V8. - CVE-2019-5792: Integer overflow in PDFium. - CVE-2019-5793: Excessive permissions for private API in Extensions. - CVE-2019-5794: Security UI spoofing. - CVE-2019-5795: Integer overflow in PDFium. - CVE-2019-5796: Race condition in Extensions. - CVE-2019-5797: Race condition in DOMStorage. - CVE-2019-5798: Out of bounds read in Skia. - CVE-2019-5799: CSP bypass with blob URL. - CVE-2019-5800: CSP bypass with blob URL. - CVE-2019-5801: Incorrect Omnibox display on iOS. - CVE-2019-5802: Security UI spoofing. - CVE-2019-5803: CSP bypass with JavaScript URLs
    last seen2020-05-31
    modified2019-07-01
    plugin id126368
    published2019-07-01
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126368
    titleopenSUSE Security Update : chromium (openSUSE-2019-1666)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-202003-16.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-202003-16 (SQLite: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in SQLite. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-03-19
    modified2020-03-16
    plugin id134593
    published2020-03-16
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134593
    titleGLSA-202003-16 : SQLite: Multiple vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-8FB8240D14.NASL
    descriptionUpdate to Chromium 75.0.3770.100. The usual pile of bugs and CVE fixes. vaapi support disabled, just too broken. :( Fixes CVE-2019-5805 CVE-2019-5806 CVE-2019-5807 CVE-2019-5808 CVE-2019-5809 CVE-2019-5810 CVE-2019-5811 CVE-2019-5813 CVE-2019-5814 CVE-2019-5815 CVE-2019-5818 CVE-2019-5819 CVE-2019-5820 CVE-2019-5821 CVE-2019-5822 CVE-2019-5824 CVE-2019-5825 CVE-2019-5826 CVE-2019-5827 CVE-2019-5828 CVE-2019-5829 CVE-2019-5830 CVE-2019-5831 CVE-2019-5832 CVE-2019-5833 CVE-2019-5834 CVE-2019-5835 CVE-2019-5836 CVE-2019-5837 CVE-2019-5838 CVE-2019-5839 CVE-2019-5840 CVE-2019-5842 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-31
    modified2019-07-01
    plugin id126359
    published2019-07-01
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126359
    titleFedora 30 : chromium (2019-8fb8240d14)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4205-1.NASL
    descriptionIt was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM. (CVE-2018-8740) It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-16168) It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to mishandles some expressions. This issue only affected Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-19242) It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-19244) It was discovered that SQLite incorrectly handled certain SQL commands. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 19.04. (CVE-2019-5018) It was discovered that SQLite incorrectly handled certain commands. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-5827). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id131561
    published2019-12-03
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131561
    titleUbuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : sqlite3 vulnerabilities (USN-4205-1)

Redhat

rpms
  • chromium-browser-0:74.0.3729.131-1.el6_10
  • chromium-browser-debuginfo-0:74.0.3729.131-1.el6_10

References