CVE-2017-7000
Publication date 3 April 2018
Last updated 24 July 2024
Ubuntu priority
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| chromium-browser | ||
| 18.04 LTS bionic |
Fixed 61.0.3163.100-0ubuntu1.1378
|
|
| 16.04 LTS xenial |
Fixed 61.0.3163.100-0ubuntu0.16.04.1306
|
|
| 14.04 LTS trusty |
Fixed 61.0.3163.100-0ubuntu0.14.04.1202
|
|
| oxide-qt | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Ignored Ubuntu touch end-of-life | |
| 14.04 LTS trusty | Not in release | |
| sqlite | ||
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty |
Not affected
|
|
| sqlite3 | ||
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty |
Not affected
|
Notes
mdeslaur
the fix for this issue was to introduce a new API in sqlite. This flaw is in chromium-browser, not in sqlite itself.
Patch details
| Package | Patch details |
|---|---|
| chromium-browser | |
| sqlite3 |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
8.8 · High
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |