CVE-2018-20346 Information

Jun 07, 2022 cve

Description

SQLite before 3.25.3 when the FTS3 extension is enabled encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases) aka Magellan.

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://www.sqlite.org/releaselog/3_25_3.html https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg113218.html https://crbug.com/900910 https://chromium.googlesource.com/chromium/src/+/c368e30ae55600a1c3c9cb1710a54f9c55de786e https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html https://bugzilla.redhat.com/show_bug.cgi?id=1659677 https://bugzilla.redhat.com/show_bug.cgi?id=1659379 https://blade.tencent.com/magellan/index_en.html https://access.redhat.com/articles/3758321 https://worthdoingbadly.com/sqlitebug/ https://sqlite.org/src/info/d44318f59044162e https://sqlite.org/src/info/940f2adc8541a838 https://news.ycombinator.com/item?id=18685296 https://github.com/zhuowei/worthdoingbadly.com/blob/master/_posts/2018-12-14-sqlitebug.html https://lists.debian.org/debian-lts-announce/2018/12/msg00012.html https://www.synology.com/security/advisory/Synology_SA_18_61 http://www.securityfocus.com/bid/106323 https://www.freebsd.org/security/advisories/FreeBSD-EN-19:03.sqlite.asc http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html https://security.gentoo.org/glsa/201904-21 https://usn.ubuntu.com/4019-1/ https://usn.ubuntu.com/4019-2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/ https://support.apple.com/HT209448 https://support.apple.com/HT209447 https://support.apple.com/HT209446 https://support.apple.com/HT209451 https://support.apple.com/HT209443 https://support.apple.com/HT209450 https://www.oracle.com/security-alerts/cpuapr2020.html https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html https://kc.mcafee.com/corporate/index?page=content&id=SB10365

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.1

Share on: