{"id":"USN-4298-1","summary":"sqlite3 vulnerabilities","details":"It was discovered that SQLite incorrectly handled certain shadow tables. An\nattacker could use this issue to cause SQLite to crash, resulting in a\ndenial of service, or possibly execute arbitrary code. (CVE-2019-13734,\nCVE-2019-13750, CVE-2019-13753)\n\nIt was discovered that SQLite incorrectly handled certain corrupt records.\nAn attacker could use this issue to cause SQLite to crash, resulting in a\ndenial of service, or possibly execute arbitrary code. (CVE-2019-13751)\n\nIt was discovered that SQLite incorrectly handled certain queries. An\nattacker could use this issue to cause SQLite to crash, resulting in a\ndenial of service, or possibly execute arbitrary code. This issue only\naffected Ubuntu 19.10. (CVE-2019-19880)\n\nIt was discovered that SQLite incorrectly handled certain queries. An\nattacker could use this issue to cause SQLite to crash, resulting in a\ndenial of service, or possibly execute arbitrary code. This issue only\naffected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-19923)\n\nIt was discovered that SQLite incorrectly handled parser tree rewriting. An\nattacker could use this issue to cause SQLite to crash, resulting in a\ndenial of service, or possibly execute arbitrary code. This issue only\naffected Ubuntu 19.10. (CVE-2019-19924)\n\nIt was discovered that SQLite incorrectly handled certain ZIP archives. An\nattacker could use this issue to cause SQLite to crash, resulting in a\ndenial of service, or possibly execute arbitrary code. This issue only\naffected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-19925,\nCVE-2019-19959)\n\nIt was discovered that SQLite incorrectly handled errors during parsing. An\nattacker could use this issue to cause SQLite to crash, resulting in a\ndenial of service, or possibly execute arbitrary code. (CVE-2019-19926)\n\nIt was discovered that SQLite incorrectly handled parsing errors. An\nattacker could use this issue to cause SQLite to crash, resulting in a\ndenial of service, or possibly execute arbitrary code. (CVE-2019-20218)\n\nIt was discovered that SQLite incorrectly handled generated column\noptimizations. An attacker could use this issue to cause SQLite to crash,\nresulting in a denial of service, or possibly execute arbitrary code. This\nissue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2020-9327)\n","modified":"2026-02-10T04:41:47Z","published":"2020-03-10T13:04:02Z","related":["UBUNTU-CVE-2019-13734","UBUNTU-CVE-2019-13750","UBUNTU-CVE-2019-13751","UBUNTU-CVE-2019-13752","UBUNTU-CVE-2019-13753","UBUNTU-CVE-2019-19923","UBUNTU-CVE-2019-19925","UBUNTU-CVE-2019-19926","UBUNTU-CVE-2019-19959","UBUNTU-CVE-2019-20218","UBUNTU-CVE-2020-9327"],"upstream":["CVE-2019-13734","CVE-2019-13750","CVE-2019-13751","CVE-2019-13752","CVE-2019-13753","CVE-2019-19880","CVE-2019-19923","CVE-2019-19925","CVE-2019-19926","CVE-2019-19959","CVE-2019-20218","CVE-2020-9327","UBUNTU-CVE-2019-13734","UBUNTU-CVE-2019-13750","UBUNTU-CVE-2019-13751","UBUNTU-CVE-2019-13752","UBUNTU-CVE-2019-13753","UBUNTU-CVE-2019-19880","UBUNTU-CVE-2019-19923","UBUNTU-CVE-2019-19924","UBUNTU-CVE-2019-19925","UBUNTU-CVE-2019-19926","UBUNTU-CVE-2019-19959","UBUNTU-CVE-2019-20218","UBUNTU-CVE-2020-9327"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4298-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-13734"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-13750"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-13751"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-13752"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-13753"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-19880"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-19923"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-19924"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-19925"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-19926"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-19959"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-20218"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-9327"}],"affected":[{"package":{"name":"sqlite3","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/sqlite3@3.11.0-1ubuntu1.4?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.11.0-1ubuntu1.4"}]}],"versions":["3.8.11.1-1","3.9.1-2","3.9.2-1","3.10.0-1","3.10.1-1","3.10.2-1","3.11.0-1ubuntu1","3.11.0-1ubuntu1.1","3.11.0-1ubuntu1.2","3.11.0-1ubuntu1.3"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"3.11.0-1ubuntu1.4","binary_name":"lemon"},{"binary_version":"3.11.0-1ubuntu1.4","binary_name":"libsqlite3-0"},{"binary_version":"3.11.0-1ubuntu1.4","binary_name":"libsqlite3-dev"},{"binary_version":"3.11.0-1ubuntu1.4","binary_name":"libsqlite3-tcl"},{"binary_version":"3.11.0-1ubuntu1.4","binary_name":"sqlite3"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:16.04:LTS","cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2019-13734"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2019-13750"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2019-13751"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2019-13752"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2019-13753"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2019-19926"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2019-20218"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4298-1.json"}},{"package":{"name":"sqlite3","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/sqlite3@3.22.0-1ubuntu0.3?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.22.0-1ubuntu0.3"}]}],"versions":["3.19.3-3","3.20.1-2","3.21.0-1","3.22.0-1","3.22.0-1ubuntu0.1","3.22.0-1ubuntu0.2"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"3.22.0-1ubuntu0.3","binary_name":"lemon"},{"binary_version":"3.22.0-1ubuntu0.3","binary_name":"libsqlite3-0"},{"binary_version":"3.22.0-1ubuntu0.3","binary_name":"libsqlite3-dev"},{"binary_version":"3.22.0-1ubuntu0.3","binary_name":"libsqlite3-tcl"},{"binary_version":"3.22.0-1ubuntu0.3","binary_name":"sqlite3"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:18.04:LTS","cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2019-13734"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2019-13750"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2019-13751"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2019-13752"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2019-13753"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2019-19923"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2019-19925"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2019-19926"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2019-19959"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2019-20218"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-9327"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4298-1.json"}}],"schema_version":"1.7.3"}