Chrome could allow a remote malicious user to execute arbitrary code on the system, caused by an out-of-bounds access in SQLite. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. External References: https://exchange.xforce.ibmcloud.com/vulnerabilities/160450
Created chromium tracking bugs for this issue: Affects: epel-7 [bug 1706806] Affects: fedora-all [bug 1706807]
External References: https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html
The following upstream commits fix this issue: https://www.sqlite.org/src/info/07ee06fd390bfebe https://www.sqlite.org/src/info/0b6ae032c28e7fe3
Analysis: This issue is caused by a mismatch of data types between memory allocation functions, and is specifically related to the Chromium browser: chrome_sqlite3_malloc takes an int size argument, while memcpy takes a size_t size argument. On x86-64 this means that chrome_sqlite3_malloc's size argument is 32 bits wide, while memcpy's is 64 bits wide. This can lead to potentially concerning wrapping behavior for extreme allocation sizes (depending on the compiler, optimizations, etc.). The patchset also includes the ability to restrict the size of virtual tables in SQLite. Though this is not directly related to standalone SQLite implementations, it tends to prevent DoS via memory exhaustion. https://www.sqlite.org/src/info/07ee06fd390bfebe is, however, related to the issue, since it ensures that 64-bit allocations are used in the FTS3 extension. Because it is not possible to directly trigger the flaw in SQLite, it is rated as having moderate impact.
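The int-versus-size_t mismatch described in the analysis above, as an added illustration that is not code from this bug, Chromium or SQLite: narrow_malloc and safe_dup are hypothetical stand-ins for an allocator with an int size parameter and a length-checked caller, showing how a size_t length silently loses its high bits on the way into such an allocator and how a caller can refuse lengths that do not round-trip.

```c
/* Added example, not from the bug, Chromium or SQLite. The function names
 * are hypothetical stand-ins for the pattern the analysis describes. */
#include <limits.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical allocator whose size parameter is a 32-bit int, modelling
 * the chrome_sqlite3_malloc signature mentioned in the analysis. */
static void *narrow_malloc(int n) {
    if (n <= 0) return NULL;
    return malloc((size_t)n);
}

/* Number of bytes the narrow allocator would actually be asked for when a
 * caller passes a size_t length: the implicit conversion keeps only the low
 * 32 bits, so a length such as 0x100000010 becomes 16 while a later
 * memcpy still uses the full 64-bit length. */
long long truncated_request(size_t len) {
    int n = (int)len;            /* the narrowing that happens at the call */
    return (long long)n;
}

/* Hardened caller: reject any length that does not fit in int, so the
 * allocation size and the memcpy length can never disagree.
 * Returns 1 on success (buffer in *out), 0 if rejected or out of memory. */
int safe_dup(const unsigned char *src, size_t len, unsigned char **out) {
    *out = NULL;
    if (len == 0 || len > (size_t)INT_MAX) return 0;
    unsigned char *buf = narrow_malloc((int)len);
    if (buf == NULL) return 0;
    memcpy(buf, src, len);       /* len and the allocation now agree */
    *out = buf;
    return 1;
}

/* Self-check on a constructed 16-byte source: 1 if safe_dup accepted len
 * and the copy matches, 0 if it was rejected. Lengths above 16 are only
 * meaningful here when they are large enough to be rejected. */
int safe_dup_check(size_t len) {
    static const unsigned char src[16] = "0123456789abcdef";
    unsigned char *copy;
    if (!safe_dup(src, len, &copy)) return 0;
    int same = memcmp(copy, src, len) == 0;
    free(copy);
    return same;
}
```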
Created mingw-sqlite tracking bugs for this issue: Affects: fedora-all [bug 1710213] Created sqlite tracking bugs for this issue: Affects: fedora-all [bug 1710212]
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Via RHSA-2019:1243 https://access.redhat.com/errata/RHSA-2019:1243
Can you please elaborate on why this is not being fixed in RHEL 7 or 8? https://access.redhat.com/security/cve/cve-2019-5827 This is being flagged in ubi8-minimal base image which is used by nearly all IBM products by 3rd party scanning tools such as Aquasecurity Trivy.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-5827
(In reply to Chris Johnson from comment #11)
> Can you please elaborate on why this is not being fixed in RHEL 7 or 8?
> https://access.redhat.com/security/cve/cve-2019-5827
>
> This is being flagged in ubi8-minimal base image which is used by nearly all
> IBM products by 3rd party scanning tools such as Aquasecurity Trivy.

Please note that while this ticket is rated high, the related RHEL7 (bug 1710183) and RHEL8 (bug 1710184) trackers are rated medium. That means they were evaluated as not severe enough to be fixed. If you think these bugs should be addressed, please contact Red Hat support to help prioritize those appropriately.
Statement: This flaw is not remotely exploitable for the sqlite package shipped with Red Hat Enterprise Linux; therefore it is rated as having moderate impact for sqlite.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:4396 https://access.redhat.com/errata/RHSA-2021:4396