CVE-2018-20506
Summary
| CVE | CVE-2018-20506 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-04-03 18:29:00 UTC |
| Updated | 2021-07-31 08:15:00 UTC |
| Description | SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346. |
Risk And Classification
Problem Types: CWE-190
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apple | iCloud | All | All | All | All |
| Operating System | Apple | iPhone OS | All | All | All | All |
| Application | Apple | iTunes | All | All | All | All |
| Operating System | Apple | Mac OS X | All | All | All | All |
| Operating System | Apple | tvOS | All | All | All | All |
| Operating System | Apple | watchOS | All | All | All | All |
| Operating System | Microsoft | Windows | - | All | All | All |
| Operating System | openSUSE | Leap | 42.3 | All | All | All |
| Application | SQLite | SQLite | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| About the security content of tvOS 12.1.2 - Apple Support | MISC | support.apple.com | Third Party Advisory |
| About the security content of iOS 12.1.3 - Apple Support | MISC | support.apple.com | Third Party Advisory |
| Full Disclosure: APPLE-SA-2019-1-22-6 iCloud for Windows 7.10 | MISC | seclists.org | Mailing List, Third Party Advisory |
| [security-announce] openSUSE-SU-2019:1222-1: moderate: Security update f | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| Bugtraq: APPLE-SA-2019-1-22-6 iCloud for Windows 7.10 | MISC | seclists.org | Mailing List, Third Party Advisory |
| About the security content of iCloud for Windows 7.10 - Apple Support | MISC | support.apple.com | Third Party Advisory |
| Full Disclosure: APPLE-SA-2019-1-22-2 macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra | MISC | seclists.org | Mailing List, Third Party Advisory |
| Security Bulletin - Policy Auditor update fixes multiple vulnerabilities in third-party libraries (CVE-2016-0718, CVE-2016-4472, CVE-2016-5300, CVE-2017-17740, CVE-2017-9287, CVE-2019-13057, CVE-2020-15719, CVE-2019-1543, CVE-2019-1547, CVE-2019-1552, CVE-2019-1563, CVE-2019-8457, CVE-2018-20506, CVE-2018-20346, CVE-2019-16168, CVE-2017-12627) | CONFIRM | kc.mcafee.com | |
| Full Disclosure: APPLE-SA-2019-1-22-1 iOS 12.1.3 | MISC | seclists.org | Mailing List, Third Party Advisory |
| Bugtraq: APPLE-SA-2019-1-22-1 iOS 12.1.3 | MISC | seclists.org | Mailing List, Third Party Advisory |
| Full Disclosure: APPLE-SA-2019-1-22-3 watchOS 5.1.3 | MISC | seclists.org | Mailing List, Third Party Advisory |
| [SECURITY] [DLA 2340-1] sqlite3 security update | MLIST | lists.debian.org | |
| Bugtraq: APPLE-SA-2019-1-22-4 tvOS 12.1.2 | MISC | seclists.org | Mailing List, Third Party Advisory |
| Full Disclosure: APPLE-SA-2019-1-22-4 tvOS 12.1.2 | MISC | seclists.org | Mailing List, Third Party Advisory |
| Bugtraq: APPLE-SA-2019-1-22-3 watchOS 5.1.3 | MISC | seclists.org | Mailing List, Third Party Advisory |
| About the security content of watchOS 5.1.3 - Apple Support | MISC | support.apple.com | Third Party Advisory |
| About the security content of macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra - Apple Support | MISC | support.apple.com | Third Party Advisory |
| Full Disclosure: APPLE-SA-2019-1-24-1 iTunes 12.9.3 for Windows | MISC | seclists.org | Mailing List, Third Party Advisory |
| Bugtraq: APPLE-SA-2019-1-24-1 iTunes 12.9.3 for Windows | MISC | seclists.org | Mailing List, Third Party Advisory |
| USN-4019-2: SQLite vulnerabilities \| Ubuntu security notices | UBUNTU | usn.ubuntu.com | |
| Oracle Critical Patch Update Advisory - April 2020 | N/A | www.oracle.com | |
| Bugtraq: APPLE-SA-2019-1-22-2 macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra | MISC | seclists.org | Mailing List, Third Party Advisory |
| USN-4019-1: SQLite vulnerabilities \| Ubuntu security notices | UBUNTU | usn.ubuntu.com | |
| SQLite 'FTS3' extension Remote Code Execution Vulnerability | MISC | www.securityfocus.com | Third Party Advisory, VDB Entry |
| April 2019 SQLite Vulnerabilities in NetApp Products \| NetApp Product Security | CONFIRM | security.netapp.com | Third Party Advisory |
| SQLite: Check-in [940f2adc] | MISC | sqlite.org | Vendor Advisory |
| About the security content of iTunes 12.9.3 for Windows - Apple Support | MISC | support.apple.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.