Debian Security Advisory

DLA-2203-1 sqlite3 -- LTS security update

Date Reported:
05 May 2020
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2020-11655.
More information:

It was discovered that there was a denial of service vulnerability in the SQLite database, which is often embedded into other programs and servers.

In the event of a semantic error in an aggregate query, SQLite did not return early from the "resetAccumulator()" function, which would lead to a crash via a segmentation fault.

  • CVE-2020-11655

    SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.

For Debian 8 Jessie, these problems have been fixed in version

We recommend that you upgrade your sqlite3 packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: