PublicDateAtUSN: 2018-03-17 00:29:00 UTC
Candidate: CVE-2018-8740
PublicDate: 2018-03-17 00:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8740
 https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema
 https://ubuntu.com/security/notices/USN-4205-1
 https://ubuntu.com/security/notices/USN-4394-1
Description:
 In SQLite through 3.22.0, databases whose schema is corrupted using a
 CREATE TABLE AS statement could cause a NULL pointer dereference, related
 to build.c and prepare.c.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893195
 https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349
 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_sqlite3:
 upstream: https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b
 upstream: https://github.com/sqlite/sqlite/commit/1e9c47be1e81e94a67f788c98fd70e8bf70e3746
upstream_sqlite3: released (3.22.0-2)
precise/esm_sqlite3: released (3.7.9-2ubuntu1.4)
trusty_sqlite3: released (3.8.2-1ubuntu2.2)
trusty/esm_sqlite3: released (3.8.2-1ubuntu2.2)
xenial_sqlite3: released (3.11.0-1ubuntu1.1)
esm-infra/xenial_sqlite3: released (3.11.0-1ubuntu1.1)
artful_sqlite3: ignored (reached end-of-life)
bionic_sqlite3: released (3.22.0-1ubuntu0.4)
cosmic_sqlite3: not-affected (3.22.0-1)
disco_sqlite3: not-affected (3.22.0-1)
eoan_sqlite3: not-affected (3.22.0-1)
focal_sqlite3: not-affected (3.22.0-1)
devel_sqlite3: not-affected (3.22.0-1)