Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2018-20346

Опубликовано: 21 дек. 2018
Источник: debian
EPSS Средний

Описание

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
sqlite3fixed3.25.3-1package
sqlitenot-affectedpackage
chromiumfixed71.0.3578.80-1package

Примечания

  • https://blade.tencent.com/magellan/index_en.html

  • RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1659379

  • Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=1659677

  • Fedora patch: https://src.fedoraproject.org/rpms/sqlite/c/d8da047b90b7eff583c50bf7fa7dc3bc37414249?branch=f28

  • https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg113218.html

  • Upstream change: https://www.sqlite.org/src/info/940f2adc8541a838

EPSS

Процентиль: 95%
0.16791
Средний

Связанные уязвимости

ubuntu логотип

CVE-2018-20346

CVSS3: 8.1
ubuntu
больше 6 лет назад

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.

redhat логотип

CVE-2018-20346

CVSS3: 7
redhat
больше 6 лет назад

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.

nvd логотип

CVE-2018-20346

CVSS3: 8.1
nvd
больше 6 лет назад

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.

msrc логотип

CVE-2018-20346

CVSS3: 8.1
msrc
около 1 года назад

Описание отсутствует

suse-cvrf логотип

openSUSE-SU-2019:1159-1

suse-cvrf
больше 6 лет назад

Security update for sqlite3

EPSS

Процентиль: 95%
0.16791
Средний