QwikSec

Security Database

CVE

CWE

Training

CVE-2018-20346

Published: Dec 21, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://worthdoingbadly.com/sqlitebug/

x_refsource_MISC

https://support.apple.com/HT209446

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=1659379

x_refsource_MISC

https://bugzilla.redhat.com/show_bug.cgi?id=1659677

x_refsource_MISC

[debian-lts-announce] 20181222 [SECURITY] [DLA 1613-1] sqlite3 security update

mailing-list

x_refsource_MLIST

https://www.synology.com/security/advisory/Synology_SA_18_61

x_refsource_CONFIRM

https://access.redhat.com/articles/3758321

x_refsource_MISC

https://support.apple.com/HT209443

x_refsource_CONFIRM

https://blade.tencent.com/magellan/index_en.html

x_refsource_MISC

https://support.apple.com/HT209451

x_refsource_CONFIRM

https://github.com/zhuowei/worthdoingbadly.com/blob/master/_posts/2018-12-14-sqlitebug.html

x_refsource_MISC

https://news.ycombinator.com/item?id=18685296

x_refsource_MISC

https://support.apple.com/HT209450

x_refsource_CONFIRM

https://sqlite.org/src/info/940f2adc8541a838

x_refsource_MISC

https://support.apple.com/HT209448

x_refsource_CONFIRM

https://chromium.googlesource.com/chromium/src/+/c368e30ae55600a1c3c9cb1710a54f9c55de786e

x_refsource_MISC

https://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg113218.html

x_refsource_MISC

vdb-entry

x_refsource_BID

https://crbug.com/900910

x_refsource_MISC

https://sqlite.org/src/info/d44318f59044162e

x_refsource_MISC

FreeBSD-EN-19:03

vendor-advisory

x_refsource_FREEBSD

https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html

x_refsource_MISC

https://www.sqlite.org/releaselog/3_25_3.html

x_refsource_MISC

https://support.apple.com/HT209447

x_refsource_CONFIRM

openSUSE-SU-2019:1159

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2019:1222

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_GENTOO

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_UBUNTU

FEDORA-2019-49f80a78bc

vendor-advisory

x_refsource_FEDORA

https://www.oracle.com/security-alerts/cpuapr2020.html

x_refsource_MISC

[debian-lts-announce] 20200822 [SECURITY] [DLA 2340-1] sqlite3 security update

mailing-list

x_refsource_MLIST

https://kc.mcafee.com/corporate/index?page=content&id=SB10365

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.