The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of SQLite: NULL pointer dereference via dump_callback

Synthesis of the vulnerability 

An attacker can force a NULL pointer to be dereferenced via dump_callback() of SQLite, in order to trigger a denial of service.
Vulnerable software: Fedora, Juniper EX-Series, Juniper J-Series, Junos OS, MX-Series, PTX-Series, QFX-Series, SRX-Series, Oracle DB, SQLite, Ubuntu.
Severity of this announcement: 1/4.
Creation date: 31/08/2017.
References for this computer vulnerability: cpuoct2020, CVE-2017-13685, FEDORA-2018-8d8f0e1643, JSA11055, USN-4019-1, USN-4019-2, VIGILANCE-VUL-23653.

Description of the vulnerability 

An attacker can force a NULL pointer to be dereferenced via dump_callback() of SQLite, in order to trigger a denial of service.

This computer threat note impacts software or systems such as Fedora, Juniper EX-Series, Juniper J-Series, Junos OS, MX-Series, PTX-Series, QFX-Series, SRX-Series, Oracle DB, SQLite, Ubuntu.

Our Vigil@nce team determined that the severity of this weakness alert is low.

The trust level is "confirmed by the editor", and the origin is "document".

An attacker with expert ability can exploit this weakness.

Solutions for this threat 

Fedora 27: new sqlite packages.
New packages are available:
  Fedora 27: sqlite 3.20.1-3.fc27

Junos OS: fixed versions for SQLite.
Fixed versions are indicated in information sources.

Oracle Database: CPU of October 2020.
A Critical Patch Update is available:
  https://support.oracle.com/rs?type=doc&id=2694898.1

Ubuntu: new sqlite3 packages.
New packages are available:
  Ubuntu 19.04: sqlite3 3.27.2-2ubuntu0.1
  Ubuntu 18.10: sqlite3 3.24.0-1ubuntu0.1
  Ubuntu 18.04 LTS: sqlite3 3.22.0-1ubuntu0.1
  Ubuntu 16.04 LTS: sqlite3 3.11.0-1ubuntu1.2
  Ubuntu 14.04 ESM: sqlite3 3.8.2-1ubuntu2.2+esm1
  Ubuntu 12.04 ESM: sqlite3 3.7.9-2ubuntu1.3

Wind River Linux: solution (21/05/2019).
The solution is indicated in information sources.