{"api_version":"1","generated_at":"2026-04-23T01:11:40+00:00","cve":"CVE-2017-2518","urls":{"html":"https://cve.report/CVE-2017-2518","api":"https://cve.report/api/cve/CVE-2017-2518.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-2518","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-2518"},"summary":{"title":"CVE-2017-2518","description":"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the \"SQLite\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement.","state":"PUBLIC","assigner":"product-security@apple.com","published_at":"2017-05-22 05:29:00","updated_at":"2019-10-03 00:03:00"},"problem_types":["CWE-416"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/98468","name":"98468","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Apple iOS/WatchOS/tvOS/macOS Multiple Security Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html","name":"[debian-lts-announce] 20190111 [SECURITY] [DLA 1633-1] sqlite3 security update","refsource":"MLIST","tags":["Third Party Advisory"],"title":"[SECURITY] [DLA 1633-1] sqlite3 security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/HT207798","name":"https://support.apple.com/HT207798","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"About the security content of iOS 10.3.2 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/HT207800","name":"https://support.apple.com/HT207800","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"About the security content of watchOS 3.2.2 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/HT207797","name":"https://support.apple.com/HT207797","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"About the security content of macOS Sierra 10.12.5, Security Update 2017-002 El Capitan, and Security Update 2017-002 Yosemite - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/HT207801","name":"https://support.apple.com/HT207801","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"About the security content of tvOS 10.2.1 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/4019-2/","name":"USN-4019-2","refsource":"UBUNTU","tags":[],"title":"USN-4019-2: SQLite vulnerabilities | Ubuntu security notices","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1038484","name":"1038484","refsource":"SECTRACK","tags":["Third Party Advisory","VDB Entry"],"title":"Apple macOS/OS X Multiple Flaws Let Remote Users Execute Arbitrary Code and Obtain Authentication Credentials and Let Local Users Obtain Potentially Sensitive Information and Gain Elevated Privileges - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/4019-1/","name":"USN-4019-1","refsource":"UBUNTU","tags":[],"title":"USN-4019-1: SQLite vulnerabilities | Ubuntu security notices","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-2518","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2518","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"2518","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"iphone_os","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"2518","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"iphone_os","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"2518","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"mac_os_x","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"2518","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"mac_os_x","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"2518","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"tvos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"2518","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"tvos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"2518","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"watchos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"2518","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"watchos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"2518","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"2518","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2017-2518","qid":"751168","title":"SUSE Enterprise Linux Security Update for sqlite3 (SUSE-SU-2021:3215-1)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"product-security@apple.com","ID":"CVE-2017-2518","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the \"SQLite\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"1038484","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1038484"},{"name":"https://support.apple.com/HT207797","refsource":"CONFIRM","url":"https://support.apple.com/HT207797"},{"name":"https://support.apple.com/HT207800","refsource":"CONFIRM","url":"https://support.apple.com/HT207800"},{"name":"[debian-lts-announce] 20190111 [SECURITY] [DLA 1633-1] sqlite3 security update","refsource":"MLIST","url":"https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html"},{"name":"98468","refsource":"BID","url":"http://www.securityfocus.com/bid/98468"},{"name":"https://support.apple.com/HT207798","refsource":"CONFIRM","url":"https://support.apple.com/HT207798"},{"name":"https://support.apple.com/HT207801","refsource":"CONFIRM","url":"https://support.apple.com/HT207801"},{"refsource":"UBUNTU","name":"USN-4019-1","url":"https://usn.ubuntu.com/4019-1/"},{"refsource":"UBUNTU","name":"USN-4019-2","url":"https://usn.ubuntu.com/4019-2/"}]}},"nvd":{"publishedDate":"2017-05-22 05:29:00","lastModifiedDate":"2019-10-03 00:03:00","problem_types":["CWE-416"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndExcluding":"10.12.5","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"10.3.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndExcluding":"3.2.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*","versionEndExcluding":"10.2.1","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"2518","Ordinal":"98657","Title":"CVE-2017-2518","CVE":"CVE-2017-2518","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"2518","Ordinal":"1","NoteData":"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the \"SQLite\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement.","Type":"Description","Title":null},{"CveYear":"2017","CveId":"2518","Ordinal":"2","NoteData":"2017-05-22","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"2518","Ordinal":"3","NoteData":"2019-06-19","Type":"Other","Title":"Modified"}]}}}