Bug 1558804 (CVE-2018-8740)

Summary: CVE-2018-8740 sqlite: NULL pointer dereference with databases with schema corrupted with CREATE TABLE AS allows for denial of service
Product: [Other] Security Response Reporter: Sam Fowler <sfowler>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: alex, databases-maint, drizt72, erik-fedora, fedora, hhorak, itamar, jakub.dornak, jstanek, mschorm, pkubat, pmatilai, praiskup, rjones, slawomir, wilmer5
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
A NULL pointer dereference vulnerability was found in SQLite. Loading a database whose schema was corrupted using a CREATE TABLE AS statement would result in a SQLite crash.
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-10 10:18:16 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1558806, 1558805, 1558807, 1558808, 1558809, 1558810, 1573270    
Bug Blocks: 1558811    

Description Sam Fowler 2018-03-21 04:05:03 UTC
SQLite through version 3.22.0 is vulnerable to a NULL pointer dereference when using databases that have been corrupted with 'CREATE TABLE AS' statements. An attacker could exploit this with a crafted database file to trigger a crash and resulting denial of service.


Upstream Patch:

https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b


Additional References:

http://seclists.org/oss-sec/2018/q1/244

Comment 1 Sam Fowler 2018-03-21 04:05:46 UTC
Created mingw-sqlite tracking bugs for this issue:

Affects: fedora-all [bug 1558808]


Created sqlite2 tracking bugs for this issue:

Affects: fedora-all [bug 1558805]


Created sqlite tracking bugs for this issue:

Affects: fedora-all [bug 1558809]


Created sqlite2 tracking bugs for this issue:

Affects: epel-all [bug 1558806]


Created mingw-sqlite tracking bugs for this issue:

Affects: epel-7 [bug 1558807]

Comment 3 Petr Kubat 2018-03-21 14:09:53 UTC
Reproducer for this can be found in:

https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349

Comment 7 Andrej Nemec 2018-12-11 09:20:36 UTC
Statement:

Red Hat Product Security has rated this issue as having a security impact of Low. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.