CVE-2018-20346
Severity CVSS v4.0: Pending analysis
Type: CWE-190 Integer Overflow or Wraparound
Publication date: 21/12/2018
Last modified: 07/11/2023
Description
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.
Impact
Base Score 3.x: 8.10
Severity 3.x: HIGH
Base Score 2.0: 6.80
Severity 2.0: MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:* | 3.25.3 (excluding) | |
| cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* | 71.0.3578.80 (excluding) | |
| cpe:2.3:o:redhat:linux:6.0:*:*:*:*:*:*:* | | |
| cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* | | |
| cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:* | | |
| cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00040.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html
- http://www.securityfocus.com/bid/106323
- https://access.redhat.com/articles/3758321
- https://blade.tencent.com/magellan/index_en.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1659379
- https://bugzilla.redhat.com/show_bug.cgi?id=1659677
- https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
- https://chromium.googlesource.com/chromium/src/+/c368e30ae55600a1c3c9cb1710a54f9c55de786e
- https://crbug.com/900910
- https://github.com/zhuowei/worthdoingbadly.com/blob/master/_posts/2018-12-14-sqlitebug.html
- https://kc.mcafee.com/corporate/index?page=content&id=SB10365
- https://lists.debian.org/debian-lts-announce/2018/12/msg00012.html
- https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/
- https://news.ycombinator.com/item?id=18685296
- https://security.gentoo.org/glsa/201904-21
- https://sqlite.org/src/info/940f2adc8541a838
- https://sqlite.org/src/info/d44318f59044162e
- https://support.apple.com/HT209443
- https://support.apple.com/HT209446
- https://support.apple.com/HT209447
- https://support.apple.com/HT209448
- https://support.apple.com/HT209450
- https://support.apple.com/HT209451
- https://usn.ubuntu.com/4019-1/
- https://usn.ubuntu.com/4019-2/
- https://worthdoingbadly.com/sqlitebug/
- https://www.freebsd.org/security/advisories/FreeBSD-EN-19:03.sqlite.asc
- https://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg113218.html
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.sqlite.org/releaselog/3_25_3.html
- https://www.synology.com/security/advisory/Synology_SA_18_61



