{"api_version":"1","generated_at":"2026-05-15T14:07:00+00:00","cve":"CVE-2018-20506","urls":{"html":"https://cve.report/CVE-2018-20506","api":"https://cve.report/api/cve/CVE-2018-20506.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-20506","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-20506"},"summary":{"title":"CVE-2018-20506","description":"SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a \"merge\" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2019-04-03 18:29:00","updated_at":"2021-07-31 08:15:00"},"problem_types":["CWE-190"],"metrics":[],"references":[{"url":"https://support.apple.com/kb/HT209447","name":"https://support.apple.com/kb/HT209447","refsource":"MISC","tags":["Third Party Advisory"],"title":"About the security content of tvOS 12.1.2 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/kb/HT209443","name":"https://support.apple.com/kb/HT209443","refsource":"MISC","tags":["Third Party Advisory"],"title":"About the security content of iOS 12.1.3 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2019/Jan/67","name":"http://seclists.org/fulldisclosure/2019/Jan/67","refsource":"MISC","tags":["Mailing List","Third Party Advisory"],"title":"Full Disclosure: APPLE-SA-2019-1-22-6 iCloud for Windows 7.10","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html","name":"openSUSE-SU-2019:1222","refsource":"SUSE","tags":["Mailing List","Third Party Advisory"],"title":"[security-announce] openSUSE-SU-2019:1222-1: moderate: Security update f","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://seclists.org/bugtraq/2019/Jan/29","name":"https://seclists.org/bugtraq/2019/Jan/29","refsource":"MISC","tags":["Mailing List","Third Party Advisory"],"title":"Bugtraq: APPLE-SA-2019-1-22-6 iCloud for Windows 7.10","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/kb/HT209451","name":"https://support.apple.com/kb/HT209451","refsource":"MISC","tags":["Third Party Advisory"],"title":"About the security content of iCloud for Windows 7.10 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2019/Jan/62","name":"http://seclists.org/fulldisclosure/2019/Jan/62","refsource":"MISC","tags":["Mailing List","Third Party Advisory"],"title":"Full Disclosure: APPLE-SA-2019-1-22-2 macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10365","name":"https://kc.mcafee.com/corporate/index?page=content&id=SB10365","refsource":"CONFIRM","tags":[],"title":"Security Bulletin - Policy Auditor update fixes multiple vulnerabilities in third-party libraries (CVE-2016-0718, CVE-2016-4472, CVE-2016-5300, CVE-2017-17740, CVE-2017-9287, CVE-2019-13057, CVE-2020-15719, CVE-2019-1543, CVE-2019-1547, CVE-2019-1552, CVE-2019-1563, CVE-2019-8457, CVE-2018-20506, CVE-2018-20346, CVE-2019-16168, CVE-2017-12627)","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://seclists.org/fulldisclosure/2019/Jan/64","name":"http://seclists.org/fulldisclosure/2019/Jan/64","refsource":"MISC","tags":["Mailing List","Third Party Advisory"],"title":"Full Disclosure: APPLE-SA-2019-1-22-1 iOS 12.1.3","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://seclists.org/bugtraq/2019/Jan/28","name":"https://seclists.org/bugtraq/2019/Jan/28","refsource":"MISC","tags":["Mailing List","Third Party Advisory"],"title":"Bugtraq: APPLE-SA-2019-1-22-1 iOS 12.1.3","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2019/Jan/68","name":"http://seclists.org/fulldisclosure/2019/Jan/68","refsource":"MISC","tags":["Mailing List","Third Party Advisory"],"title":"Full Disclosure: APPLE-SA-2019-1-22-3 watchOS 5.1.3","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","name":"[debian-lts-announce] 20200822 [SECURITY] [DLA 2340-1] sqlite3 security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 2340-1] sqlite3 security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://seclists.org/bugtraq/2019/Jan/33","name":"https://seclists.org/bugtraq/2019/Jan/33","refsource":"MISC","tags":["Mailing List","Third Party Advisory"],"title":"Bugtraq: APPLE-SA-2019-1-22-4 tvOS 12.1.2","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2019/Jan/66","name":"http://seclists.org/fulldisclosure/2019/Jan/66","refsource":"MISC","tags":["Mailing List","Third Party Advisory"],"title":"Full Disclosure: APPLE-SA-2019-1-22-4 tvOS 12.1.2","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://seclists.org/bugtraq/2019/Jan/32","name":"https://seclists.org/bugtraq/2019/Jan/32","refsource":"MISC","tags":["Mailing List","Third Party Advisory"],"title":"Bugtraq: APPLE-SA-2019-1-22-3 watchOS 5.1.3","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/kb/HT209448","name":"https://support.apple.com/kb/HT209448","refsource":"MISC","tags":["Third Party Advisory"],"title":"About the security content of watchOS 5.1.3 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/kb/HT209446","name":"https://support.apple.com/kb/HT209446","refsource":"MISC","tags":["Third Party Advisory"],"title":"About the security content of macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2019/Jan/69","name":"http://seclists.org/fulldisclosure/2019/Jan/69","refsource":"MISC","tags":["Mailing List","Third Party Advisory"],"title":"Full Disclosure: APPLE-SA-2019-1-24-1 iTunes 12.9.3 for Windows","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://seclists.org/bugtraq/2019/Jan/39","name":"https://seclists.org/bugtraq/2019/Jan/39","refsource":"MISC","tags":["Mailing List","Third Party Advisory"],"title":"Bugtraq: APPLE-SA-2019-1-24-1 iTunes 12.9.3 for Windows","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/4019-2/","name":"USN-4019-2","refsource":"UBUNTU","tags":[],"title":"USN-4019-2: SQLite vulnerabilities | Ubuntu security notices","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.oracle.com/security-alerts/cpuapr2020.html","name":"N/A","refsource":"N/A","tags":[],"title":"Oracle Critical Patch Update Advisory - April 2020","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://seclists.org/bugtraq/2019/Jan/31","name":"https://seclists.org/bugtraq/2019/Jan/31","refsource":"MISC","tags":["Mailing List","Third Party Advisory"],"title":"Bugtraq: APPLE-SA-2019-1-22-2 macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/4019-1/","name":"USN-4019-1","refsource":"UBUNTU","tags":[],"title":"USN-4019-1: SQLite vulnerabilities | Ubuntu security notices","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/106698","name":"http://www.securityfocus.com/bid/106698","refsource":"MISC","tags":["Third Party Advisory","VDB Entry"],"title":"SQLite 'FTS3' extension Remote Code Execution Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://security.netapp.com/advisory/ntap-20190502-0004/","name":"https://security.netapp.com/advisory/ntap-20190502-0004/","refsource":"CONFIRM","tags":["Third Party Advisory"],"title":"April 2019 SQLite Vulnerabilities in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://sqlite.org/src/info/940f2adc8541a838","name":"https://sqlite.org/src/info/940f2adc8541a838","refsource":"MISC","tags":["Vendor Advisory"],"title":"SQLite: Check-in [940f2adc]","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/kb/HT209450","name":"https://support.apple.com/kb/HT209450","refsource":"MISC","tags":["Third Party Advisory"],"title":"About the security content of iTunes 12.9.3 for Windows - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-20506","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-20506","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"20506","vulnerable":"1","versionEndIncluding":"7.10","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apple","cpe5":"icloud","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"20506","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"iphone_os","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"20506","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"iphone_os","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"20506","vulnerable":"1","versionEndIncluding":"12.9.3","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apple","cpe5":"itunes","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"20506","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"mac_os_x","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"20506","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"mac_os_x","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"20506","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"tvos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"20506","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"tvos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"20506","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"watchos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"20506","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"watchos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"20506","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"20506","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"20506","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"opensuse","cpe5":"leap","cpe6":"42.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"20506","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"opensuse","cpe5":"leap","cpe6":"42.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"20506","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sqlite","cpe5":"sqlite","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"20506","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sqlite","cpe5":"sqlite","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2018-20506","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a \"merge\" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://sqlite.org/src/info/940f2adc8541a838","refsource":"MISC","name":"https://sqlite.org/src/info/940f2adc8541a838"},{"url":"http://seclists.org/fulldisclosure/2019/Jan/62","refsource":"MISC","name":"http://seclists.org/fulldisclosure/2019/Jan/62"},{"url":"http://seclists.org/fulldisclosure/2019/Jan/64","refsource":"MISC","name":"http://seclists.org/fulldisclosure/2019/Jan/64"},{"url":"http://seclists.org/fulldisclosure/2019/Jan/66","refsource":"MISC","name":"http://seclists.org/fulldisclosure/2019/Jan/66"},{"url":"http://seclists.org/fulldisclosure/2019/Jan/67","refsource":"MISC","name":"http://seclists.org/fulldisclosure/2019/Jan/67"},{"url":"http://seclists.org/fulldisclosure/2019/Jan/68","refsource":"MISC","name":"http://seclists.org/fulldisclosure/2019/Jan/68"},{"url":"http://seclists.org/fulldisclosure/2019/Jan/69","refsource":"MISC","name":"http://seclists.org/fulldisclosure/2019/Jan/69"},{"url":"http://www.securityfocus.com/bid/106698","refsource":"MISC","name":"http://www.securityfocus.com/bid/106698"},{"url":"https://seclists.org/bugtraq/2019/Jan/28","refsource":"MISC","name":"https://seclists.org/bugtraq/2019/Jan/28"},{"url":"https://seclists.org/bugtraq/2019/Jan/29","refsource":"MISC","name":"https://seclists.org/bugtraq/2019/Jan/29"},{"url":"https://seclists.org/bugtraq/2019/Jan/31","refsource":"MISC","name":"https://seclists.org/bugtraq/2019/Jan/31"},{"url":"https://seclists.org/bugtraq/2019/Jan/32","refsource":"MISC","name":"https://seclists.org/bugtraq/2019/Jan/32"},{"url":"https://seclists.org/bugtraq/2019/Jan/33","refsource":"MISC","name":"https://seclists.org/bugtraq/2019/Jan/33"},{"url":"https://seclists.org/bugtraq/2019/Jan/39","refsource":"MISC","name":"https://seclists.org/bugtraq/2019/Jan/39"},{"url":"https://support.apple.com/kb/HT209443","refsource":"MISC","name":"https://support.apple.com/kb/HT209443"},{"url":"https://support.apple.com/kb/HT209446","refsource":"MISC","name":"https://support.apple.com/kb/HT209446"},{"url":"https://support.apple.com/kb/HT209447","refsource":"MISC","name":"https://support.apple.com/kb/HT209447"},{"url":"https://support.apple.com/kb/HT209448","refsource":"MISC","name":"https://support.apple.com/kb/HT209448"},{"url":"https://support.apple.com/kb/HT209450","refsource":"MISC","name":"https://support.apple.com/kb/HT209450"},{"url":"https://support.apple.com/kb/HT209451","refsource":"MISC","name":"https://support.apple.com/kb/HT209451"},{"refsource":"SUSE","name":"openSUSE-SU-2019:1222","url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20190502-0004/","url":"https://security.netapp.com/advisory/ntap-20190502-0004/"},{"refsource":"UBUNTU","name":"USN-4019-1","url":"https://usn.ubuntu.com/4019-1/"},{"refsource":"UBUNTU","name":"USN-4019-2","url":"https://usn.ubuntu.com/4019-2/"},{"url":"https://www.oracle.com/security-alerts/cpuapr2020.html","refsource":"MISC","name":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"refsource":"MLIST","name":"[debian-lts-announce] 20200822 [SECURITY] [DLA 2340-1] sqlite3 security update","url":"https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html"},{"refsource":"CONFIRM","name":"https://kc.mcafee.com/corporate/index?page=content&id=SB10365","url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10365"}]}},"nvd":{"publishedDate":"2019-04-03 18:29:00","lastModifiedDate":"2021-07-31 08:15:00","problem_types":["CWE-190"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.1,"baseSeverity":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*","versionEndExcluding":"3.25.3","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"12.1.3","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndExcluding":"10.14.3","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.3","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*","versionEndExcluding":"12.1.2","cpe_name":[]}]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*","versionEndIncluding":"7.10","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*","versionEndIncluding":"12.9.3","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"20506","Ordinal":"140854","Title":"CVE-2018-20506","CVE":"CVE-2018-20506","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"20506","Ordinal":"1","NoteData":"SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a \"merge\" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"20506","Ordinal":"2","NoteData":"2019-04-03","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"20506","Ordinal":"3","NoteData":"2021-07-31","Type":"Other","Title":"Modified"}]}}}