Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-20505

Опубликовано: 04 дек. 2018
Источник: redhat
CVSS3: 7
EPSS Низкий

Описание

SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).

Multiple flaws were found in sqlite. An attacker having the ability to run arbitrary SQL commands could use this flaw to execute arbitrary code with the permission of the user running the sqlite application.

Отчет

This flaw does not affect the versions of sqlite package shipped with Red Hat Enterprise Linux 5, 6 and 7. This flaw in sqlite can be exploited by attackers only if they are able to run arbitrary SQL statements on the sqlite database. For more information please see https://bugzilla.redhat.com/show_bug.cgi?id=1659379#c12

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5sqliteNot affected
Red Hat Enterprise Linux 6sqliteNot affected
Red Hat Enterprise Linux 7sqliteNot affected
Red Hat Enterprise Linux 8sqliteNot affected

Показывать по

Дополнительная информация

Статус:

Important
https://bugzilla.redhat.com/show_bug.cgi?id=1659379sqlite: Multiple flaws in sqlite which can be triggered via corrupted internal databases (Magellan)

EPSS

Процентиль: 92%
0.07886
Низкий

7 High

CVSS3

Связанные уязвимости

CVSS3: 7.5
ubuntu
больше 6 лет назад

SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).

CVSS3: 7.5
nvd
больше 6 лет назад

SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).

CVSS3: 7.5
msrc
около 1 года назад

Описание отсутствует

CVSS3: 7.5
debian
больше 6 лет назад

SQLite 3.25.2, when queries are run on a table with a malformed PRIMAR ...

CVSS3: 7.5
github
больше 3 лет назад

SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).

EPSS

Процентиль: 92%
0.07886
Низкий

7 High

CVSS3