Vulnerability-Lookup

BDU:2020-02558

Vulnerability from fstec - Published: 03.04.2019

Title

Уязвимость модуля виртуальных таблиц FTS3 системы управления базами данных SQLite, позволяющая нарушителю выполнить произвольный код

Description

Уязвимость модуля виртуальных таблиц FTS3 системы управления базами данных SQLite вызвана целочисленным переполнением. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код

Severity ?


                    
                      AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Vendor

Canonical Ltd., Novell Inc., Oracle Corp., Apple Inc., Hipp Wyrick Company Inc, АО «Концерн ВНИИНС»

Software Name

Ubuntu, OpenSUSE Leap, Outside In Technology, iOS, watchOS, tvOS, iTunes, iCloud, SQLite, MacOS, ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)

Software Version

16.04 LTS (Ubuntu), 42.3 (OpenSUSE Leap), 18.04 LTS (Ubuntu), 18.10 (Ubuntu), 8.5.4 (Outside In Technology), до 12.1.3 (iOS), до 5.1.3 (watchOS), до 12.1.2 (tvOS), 12.04 ESM (Ubuntu), 19.04 (Ubuntu), 14.04 ESM (Ubuntu), до 12.9.3 (iTunes), до 7.10 (iCloud), до 3.25.3 (SQLite), до Mojave 10.14.3 (MacOS), до High Sierra 2019-001 (MacOS), до Sierra 2019-001 (MacOS), до 16.01.2023 (ОС ОН «Стрелец»)

Possible Mitigations

Использование рекомендаций: Для SQLite: https://sqlite.org/src/info/940f2adc8541a838 Для программных продуктов Novell Inc.: https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html Для Ubuntu: https://usn.ubuntu.com/4019-1/ https://usn.ubuntu.com/4019-2/ Для программных продуктов Apple: https://support.apple.com/kb/HT209443 https://support.apple.com/kb/HT209446 https://support.apple.com/kb/HT209447 https://support.apple.com/kb/HT209448 https://support.apple.com/kb/HT209450 https://support.apple.com/kb/HT209451 Для программных продуктов Oracle Corp.: https://www.oracle.com/security-alerts/cpuapr2020.html Для ОС ОН «Стрелец»: Обновление программного обеспечения sqlite3 до версии 3.16.2-5+deb9u3

Reference

https://sqlite.org/src/info/940f2adc8541a838 https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html https://usn.ubuntu.com/4019-1/ https://usn.ubuntu.com/4019-2/ https://support.apple.com/kb/HT209443 https://support.apple.com/kb/HT209446 https://support.apple.com/kb/HT209447 https://support.apple.com/kb/HT209448 https://support.apple.com/kb/HT209450 https://support.apple.com/kb/HT209451 https://www.oracle.com/security-alerts/cpuapr2020.html https://nvd.nist.gov/vuln/detail/CVE-2018-20506 https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023

CWE

CWE-190

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Canonical Ltd., Novell Inc., Oracle Corp., Apple Inc., Hipp Wyrick Company Inc, \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "16.04 LTS (Ubuntu), 42.3 (OpenSUSE Leap), 18.04 LTS (Ubuntu), 18.10 (Ubuntu), 8.5.4 (Outside In Technology), \u0434\u043e 12.1.3 (iOS), \u0434\u043e 5.1.3 (watchOS), \u0434\u043e 12.1.2 (tvOS), 12.04 ESM (Ubuntu), 19.04 (Ubuntu), 14.04 ESM (Ubuntu), \u0434\u043e 12.9.3 (iTunes), \u0434\u043e 7.10 (iCloud), \u0434\u043e 3.25.3 (SQLite), \u0434\u043e Mojave 10.14.3 (MacOS), \u0434\u043e High Sierra 2019-001 (MacOS), \u0434\u043e Sierra 2019-001 (MacOS), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f SQLite:\nhttps://sqlite.org/src/info/940f2adc8541a838\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html\n\n\u0414\u043b\u044f Ubuntu:\nhttps://usn.ubuntu.com/4019-1/\nhttps://usn.ubuntu.com/4019-2/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Apple:\nhttps://support.apple.com/kb/HT209443\nhttps://support.apple.com/kb/HT209446\nhttps://support.apple.com/kb/HT209447\nhttps://support.apple.com/kb/HT209448\nhttps://support.apple.com/kb/HT209450\nhttps://support.apple.com/kb/HT209451\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Oracle Corp.:\nhttps://www.oracle.com/security-alerts/cpuapr2020.html\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f sqlite3 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 3.16.2-5+deb9u3",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "03.04.2019",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "21.11.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "02.06.2020",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-02558",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-20506",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Ubuntu, OpenSUSE Leap, Outside In Technology, iOS, watchOS, tvOS, iTunes, iCloud, SQLite, MacOS, \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Canonical Ltd. Ubuntu 16.04 LTS , Novell Inc. OpenSUSE Leap 42.3 , Canonical Ltd. Ubuntu 18.04 LTS , Canonical Ltd. Ubuntu 18.10 , Apple Inc. iOS \u0434\u043e 12.1.3 , Apple Inc. watchOS \u0434\u043e 5.1.3 , Apple Inc. tvOS \u0434\u043e 12.1.2 , Canonical Ltd. Ubuntu 12.04 ESM , Canonical Ltd. Ubuntu 19.04 , Canonical Ltd. Ubuntu 14.04 ESM , Apple Inc. MacOS \u0434\u043e Mojave 10.14.3 , Apple Inc. MacOS \u0434\u043e High Sierra 2019-001 , Apple Inc. MacOS \u0434\u043e Sierra 2019-001 , \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u044f \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u0442\u0430\u0431\u043b\u0438\u0446 FTS3 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 SQLite, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0426\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u043e\u0435 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0438\u043b\u0438 \u0446\u0438\u043a\u043b\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0441\u0434\u0432\u0438\u0433 (CWE-190)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u044f \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u0442\u0430\u0431\u043b\u0438\u0446 FTS3 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 SQLite \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u0446\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u043c \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://sqlite.org/src/info/940f2adc8541a838\nhttps://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html\nhttps://usn.ubuntu.com/4019-1/\nhttps://usn.ubuntu.com/4019-2/\nhttps://support.apple.com/kb/HT209443\nhttps://support.apple.com/kb/HT209446\nhttps://support.apple.com/kb/HT209447\nhttps://support.apple.com/kb/HT209448\nhttps://support.apple.com/kb/HT209450\nhttps://support.apple.com/kb/HT209451\nhttps://www.oracle.com/security-alerts/cpuapr2020.html\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20506\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0423\u0411\u0414, \u041f\u041e \u0434\u043b\u044f \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u0418\u0418",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-190",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,6)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,1)"
}

CVE-2018-20506 (GCVE-0-2018-20506)

Vulnerability from cvelistv5 – Published: 2019-04-03 17:50 – Updated: 2024-08-05 12:05

Summary

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://sqlite.org/src/info/940f2adc8541a838	x_refsource_MISC
	http://seclists.org/fulldisclosure/2019/Jan/62	x_refsource_MISC
	http://seclists.org/fulldisclosure/2019/Jan/64	x_refsource_MISC
	http://seclists.org/fulldisclosure/2019/Jan/66	x_refsource_MISC
	http://seclists.org/fulldisclosure/2019/Jan/67	x_refsource_MISC
	http://seclists.org/fulldisclosure/2019/Jan/68	x_refsource_MISC
	http://seclists.org/fulldisclosure/2019/Jan/69	x_refsource_MISC
	http://www.securityfocus.com/bid/106698	x_refsource_MISC
	https://seclists.org/bugtraq/2019/Jan/28	x_refsource_MISC
	https://seclists.org/bugtraq/2019/Jan/29	x_refsource_MISC
	https://seclists.org/bugtraq/2019/Jan/31	x_refsource_MISC
	https://seclists.org/bugtraq/2019/Jan/32	x_refsource_MISC
	https://seclists.org/bugtraq/2019/Jan/33	x_refsource_MISC
	https://seclists.org/bugtraq/2019/Jan/39	x_refsource_MISC
	https://support.apple.com/kb/HT209443	x_refsource_MISC
	https://support.apple.com/kb/HT209446	x_refsource_MISC
	https://support.apple.com/kb/HT209447	x_refsource_MISC
	https://support.apple.com/kb/HT209448	x_refsource_MISC
	https://support.apple.com/kb/HT209450	x_refsource_MISC
	https://support.apple.com/kb/HT209451	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://security.netapp.com/advisory/ntap-2019050…	x_refsource_CONFIRM
	https://usn.ubuntu.com/4019-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4019-2/	vendor-advisoryx_refsource_UBUNTU
	https://www.oracle.com/security-alerts/cpuapr2020.html	x_refsource_MISC
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://kc.mcafee.com/corporate/index?page=conten…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:05:17.401Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://sqlite.org/src/info/940f2adc8541a838"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/Jan/62"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/Jan/64"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/Jan/66"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/Jan/67"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/Jan/68"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/Jan/69"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106698"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Jan/28"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Jan/29"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Jan/31"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Jan/32"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Jan/33"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Jan/39"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT209443"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT209446"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT209447"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT209448"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT209450"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT209451"
          },
          {
            "name": "openSUSE-SU-2019:1222",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190502-0004/"
          },
          {
            "name": "USN-4019-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4019-1/"
          },
          {
            "name": "USN-4019-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4019-2/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "name": "[debian-lts-announce] 20200822 [SECURITY] [DLA 2340-1] sqlite3 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a \"merge\" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-31T07:06:33.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://sqlite.org/src/info/940f2adc8541a838"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/Jan/62"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/Jan/64"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/Jan/66"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/Jan/67"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/Jan/68"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/Jan/69"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.securityfocus.com/bid/106698"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://seclists.org/bugtraq/2019/Jan/28"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://seclists.org/bugtraq/2019/Jan/29"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://seclists.org/bugtraq/2019/Jan/31"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://seclists.org/bugtraq/2019/Jan/32"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://seclists.org/bugtraq/2019/Jan/33"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://seclists.org/bugtraq/2019/Jan/39"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/kb/HT209443"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/kb/HT209446"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/kb/HT209447"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/kb/HT209448"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/kb/HT209450"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/kb/HT209451"
        },
        {
          "name": "openSUSE-SU-2019:1222",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190502-0004/"
        },
        {
          "name": "USN-4019-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4019-1/"
        },
        {
          "name": "USN-4019-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4019-2/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "name": "[debian-lts-announce] 20200822 [SECURITY] [DLA 2340-1] sqlite3 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-20506",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a \"merge\" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://sqlite.org/src/info/940f2adc8541a838",
              "refsource": "MISC",
              "url": "https://sqlite.org/src/info/940f2adc8541a838"
            },
            {
              "name": "http://seclists.org/fulldisclosure/2019/Jan/62",
              "refsource": "MISC",
              "url": "http://seclists.org/fulldisclosure/2019/Jan/62"
            },
            {
              "name": "http://seclists.org/fulldisclosure/2019/Jan/64",
              "refsource": "MISC",
              "url": "http://seclists.org/fulldisclosure/2019/Jan/64"
            },
            {
              "name": "http://seclists.org/fulldisclosure/2019/Jan/66",
              "refsource": "MISC",
              "url": "http://seclists.org/fulldisclosure/2019/Jan/66"
            },
            {
              "name": "http://seclists.org/fulldisclosure/2019/Jan/67",
              "refsource": "MISC",
              "url": "http://seclists.org/fulldisclosure/2019/Jan/67"
            },
            {
              "name": "http://seclists.org/fulldisclosure/2019/Jan/68",
              "refsource": "MISC",
              "url": "http://seclists.org/fulldisclosure/2019/Jan/68"
            },
            {
              "name": "http://seclists.org/fulldisclosure/2019/Jan/69",
              "refsource": "MISC",
              "url": "http://seclists.org/fulldisclosure/2019/Jan/69"
            },
            {
              "name": "http://www.securityfocus.com/bid/106698",
              "refsource": "MISC",
              "url": "http://www.securityfocus.com/bid/106698"
            },
            {
              "name": "https://seclists.org/bugtraq/2019/Jan/28",
              "refsource": "MISC",
              "url": "https://seclists.org/bugtraq/2019/Jan/28"
            },
            {
              "name": "https://seclists.org/bugtraq/2019/Jan/29",
              "refsource": "MISC",
              "url": "https://seclists.org/bugtraq/2019/Jan/29"
            },
            {
              "name": "https://seclists.org/bugtraq/2019/Jan/31",
              "refsource": "MISC",
              "url": "https://seclists.org/bugtraq/2019/Jan/31"
            },
            {
              "name": "https://seclists.org/bugtraq/2019/Jan/32",
              "refsource": "MISC",
              "url": "https://seclists.org/bugtraq/2019/Jan/32"
            },
            {
              "name": "https://seclists.org/bugtraq/2019/Jan/33",
              "refsource": "MISC",
              "url": "https://seclists.org/bugtraq/2019/Jan/33"
            },
            {
              "name": "https://seclists.org/bugtraq/2019/Jan/39",
              "refsource": "MISC",
              "url": "https://seclists.org/bugtraq/2019/Jan/39"
            },
            {
              "name": "https://support.apple.com/kb/HT209443",
              "refsource": "MISC",
              "url": "https://support.apple.com/kb/HT209443"
            },
            {
              "name": "https://support.apple.com/kb/HT209446",
              "refsource": "MISC",
              "url": "https://support.apple.com/kb/HT209446"
            },
            {
              "name": "https://support.apple.com/kb/HT209447",
              "refsource": "MISC",
              "url": "https://support.apple.com/kb/HT209447"
            },
            {
              "name": "https://support.apple.com/kb/HT209448",
              "refsource": "MISC",
              "url": "https://support.apple.com/kb/HT209448"
            },
            {
              "name": "https://support.apple.com/kb/HT209450",
              "refsource": "MISC",
              "url": "https://support.apple.com/kb/HT209450"
            },
            {
              "name": "https://support.apple.com/kb/HT209451",
              "refsource": "MISC",
              "url": "https://support.apple.com/kb/HT209451"
            },
            {
              "name": "openSUSE-SU-2019:1222",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190502-0004/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190502-0004/"
            },
            {
              "name": "USN-4019-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4019-1/"
            },
            {
              "name": "USN-4019-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4019-2/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "[debian-lts-announce] 20200822 [SECURITY] [DLA 2340-1] sqlite3 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-20506",
    "datePublished": "2019-04-03T17:50:54.000Z",
    "dateReserved": "2018-12-26T00:00:00.000Z",
    "dateUpdated": "2024-08-05T12:05:17.401Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2020-02558

CVE-2018-20506 (GCVE-0-2018-20506)

Tags

Sightings

Nomenclature