Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.1
CVSSv3

CVE-2018-20506

Published: 03/04/2019 Updated: 31/07/2021
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 607
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Sqlite

Vulnerability Summary

SQLite prior to 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote malicious users to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

sqlite sqlite

apple iphone os

apple mac os x

apple tvos

apple watchos

apple icloud

apple itunes

opensuse leap 42.3

Vendor Advisories

Ubuntu Security Notice: sqlite3 vulnerabilities
Several security issues were fixed in SQLite ...
Ubuntu Security Notice: sqlite3 vulnerabilities
Several security issues were fixed in SQLite ...

Mailing Lists

Full Disclosure: APPLE-SA-2019-1-22-2 macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra
<!--X-Body-Begin--> <!--X-User-Header--> Full Disclosure mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> APPLE-SA-2019-1-22-2 macOS Mojave 10143, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra <!--X ...
Full Disclosure: APPLE-SA-2019-1-24-1 iTunes 12.9.3 for Windows
<!--X-Body-Begin--> <!--X-User-Header--> Full Disclosure mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> APPLE-SA-2019-1-24-1 iTunes 1293 for Windows <!--X-Subject-Header-End--> <!--X-Head-of-Message--> From: Apple Prod ...

References

CWE-190https://support.apple.com/kb/HT209451https://support.apple.com/kb/HT209450https://support.apple.com/kb/HT209448https://support.apple.com/kb/HT209447https://support.apple.com/kb/HT209446https://support.apple.com/kb/HT209443https://sqlite.org/src/info/940f2adc8541a838https://seclists.org/bugtraq/2019/Jan/39https://seclists.org/bugtraq/2019/Jan/33https://seclists.org/bugtraq/2019/Jan/32https://seclists.org/bugtraq/2019/Jan/31https://seclists.org/bugtraq/2019/Jan/29https://seclists.org/bugtraq/2019/Jan/28http://www.securityfocus.com/bid/106698http://seclists.org/fulldisclosure/2019/Jan/69http://seclists.org/fulldisclosure/2019/Jan/68http://seclists.org/fulldisclosure/2019/Jan/67http://seclists.org/fulldisclosure/2019/Jan/66http://seclists.org/fulldisclosure/2019/Jan/64http://seclists.org/fulldisclosure/2019/Jan/62http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.htmlhttps://security.netapp.com/advisory/ntap-20190502-0004/https://usn.ubuntu.com/4019-1/https://usn.ubuntu.com/4019-2/https://www.oracle.com/security-alerts/cpuapr2020.htmlhttps://lists.debian.org/debian-lts-announce/2020/08/msg00037.htmlhttps://kc.mcafee.com/corporate/index?page=content&id=SB10365https://nvd.nist.govhttps://usn.ubuntu.com/4019-1/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304CVE-2024-4240arbitrary CVE-2024-31601XSSCVE-2023-20198CVE-2024-4256CVE-2024-3342encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook