CVE-2018-20346

Опубликовано: 04 дек. 2018

Источник: redhat

CVSS3: 7

EPSS Средний

Описание

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.

Multiple flaws were found in sqlite. An attacker having the ability to run arbitrary SQL commands could use this flaw to execute arbitrary code with the permission of the user running the sqlite application.

Отчет

This flaw does not affect the versions of sqlite package shipped with Red Hat Enterprise Linux 5, 6 and 7. This flaw in sqlite can be exploited by attackers only if they are able to run arbitrary SQL statements on the sqlite database. For more information please see https://bugzilla.redhat.com/show_bug.cgi?id=1659379#c12

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	sqlite	Not affected
Red Hat Enterprise Linux 6	sqlite	Not affected
Red Hat Enterprise Linux 7	sqlite	Not affected
Red Hat Enterprise Linux 8	sqlite	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

https://bugzilla.redhat.com/show_bug.cgi?id=1659379sqlite: Multiple flaws in sqlite which can be triggered via corrupted internal databases (Magellan)

EPSS

Процентиль: 95%

0.16791

Средний

7 High

CVSS3

Связанные уязвимости

CVE-2018-20346

CVSS3: 8.1

ubuntu

больше 6 лет назад

CVE-2018-20346

CVSS3: 8.1

nvd

больше 6 лет назад

CVE-2018-20346

CVSS3: 8.1

msrc

около 1 года назад

Описание отсутствует

CVE-2018-20346

CVSS3: 8.1

debian

больше 6 лет назад

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters a ...

openSUSE-SU-2019:1159-1

suse-cvrf

больше 6 лет назад

Security update for sqlite3

EPSS

Процентиль: 95%

0.16791

Средний

7 High

CVSS3