Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2018-20506

Опубликовано: 03 апр. 2019
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 6.8
CVSS3: 8.1

Описание

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.

РелизСтатусПримечание
bionic

released

3.22.0-1ubuntu0.1
cosmic

released

3.24.0-1ubuntu0.1
devel

not-affected

3.27.2-1
disco

not-affected

3.27.2-1
esm-infra-legacy/trusty

released

3.8.2-1ubuntu2.2+esm1
esm-infra/bionic

released

3.22.0-1ubuntu0.1
esm-infra/xenial

released

3.11.0-1ubuntu1.2
precise/esm

not-affected

3.7.9-2ubuntu1.3
trusty

ignored

end of standard support
trusty/esm

released

3.8.2-1ubuntu2.2+esm1

Показывать по

Ссылки на источники

EPSS

Процентиль: 92%
0.08492
Низкий

6.8 Medium

CVSS2

8.1 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2018-20506

CVSS3: 7
redhat
около 7 лет назад

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.

nvd логотип

CVE-2018-20506

CVSS3: 8.1
nvd
почти 7 лет назад

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.

msrc логотип

CVE-2018-20506

CVSS3: 8.1
msrc
больше 1 года назад

Описание отсутствует

debian логотип

CVE-2018-20506

CVSS3: 8.1
debian
почти 7 лет назад

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters a ...

github логотип

GHSA-hfxx-8v8g-6rcx

CVSS3: 8.1
github
больше 3 лет назад

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.

EPSS

Процентиль: 92%
0.08492
Низкий

6.8 Medium

CVSS2

8.1 High

CVSS3