Vulnerability-Lookup

BDU:2020-02776

Vulnerability from fstec - Published: 19.06.2019

Title

Уязвимость системы управления базами данных SQLite, связанная с отсутствием защиты структуры запроса SQL, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость системы управления базами данных SQLite связана с отсутствием защиты структуры запроса SQL. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать отказ в обслуживании (завершение работы приложения) в результате запуска произвольных операторов SQL

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vendor

Canonical Ltd., Apple Inc., Novell Inc., Hipp Wyrick Company Inc

Software Name

Ubuntu, iOS, watchOS, Suse Linux Enterprise Desktop, iTunes, iCloud, SUSE Business Critical Linux, SQLite, MacOS

Software Version

16.04 LTS (Ubuntu), 18.04 LTS (Ubuntu), 18.10 (Ubuntu), до 12.1.3 (iOS), до 5.1.3 (watchOS), 19.04 (Ubuntu), 12 SP2 (Suse Linux Enterprise Desktop), до 12.9.3 (iTunes), до 7.10 (iCloud), 12 SP2 (SUSE Business Critical Linux), 3.25.2 (SQLite), до 10.14.2 (MacOS)

Possible Mitigations

Использование рекомендаций: Для SQLite: Обновление системы управления базами данных SQLite до актуальной версии Для Ubuntu: https://usn.ubuntu.com/4019-1/ Для программных продуктов Novell Inc.: https://www.suse.com/security/cve/CVE-2018-20505/ Для Apple: https://support.apple.com/kb/HT209443 https://support.apple.com/kb/HT209446 https://support.apple.com/kb/HT209447 https://support.apple.com/kb/HT209448 https://support.apple.com/kb/HT209450 https://support.apple.com/kb/HT209451

Reference

https://usn.ubuntu.com/4019-1/ https://nvd.nist.gov/vuln/detail/CVE-2018-20505 https://www.suse.com/security/cve/CVE-2018-20505/ https://support.apple.com/kb/HT209443 https://support.apple.com/kb/HT209446 https://support.apple.com/kb/HT209447 https://support.apple.com/kb/HT209448 https://support.apple.com/kb/HT209450 https://support.apple.com/kb/HT209451

CWE

CWE-89

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Canonical Ltd., Apple Inc., Novell Inc., Hipp Wyrick Company Inc",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "16.04 LTS (Ubuntu), 18.04 LTS (Ubuntu), 18.10 (Ubuntu), \u0434\u043e 12.1.3 (iOS), \u0434\u043e 5.1.3 (watchOS), 19.04 (Ubuntu), 12 SP2 (Suse Linux Enterprise Desktop), \u0434\u043e 12.9.3 (iTunes), \u0434\u043e 7.10 (iCloud), 12 SP2 (SUSE Business Critical Linux), 3.25.2 (SQLite), \u0434\u043e 10.14.2 (MacOS)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f SQLite:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 SQLite \u0434\u043e \u0430\u043a\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Ubuntu:\nhttps://usn.ubuntu.com/4019-1/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2018-20505/\n\n\u0414\u043b\u044f Apple:\nhttps://support.apple.com/kb/HT209443 \nhttps://support.apple.com/kb/HT209446 \nhttps://support.apple.com/kb/HT209447 \nhttps://support.apple.com/kb/HT209448 \nhttps://support.apple.com/kb/HT209450 \nhttps://support.apple.com/kb/HT209451",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "19.06.2019",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "17.06.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "17.06.2020",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-02776",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-20505",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Ubuntu, iOS, watchOS, Suse Linux Enterprise Desktop, iTunes, iCloud, SUSE Business Critical Linux, SQLite, MacOS",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Canonical Ltd. Ubuntu 16.04 LTS , Canonical Ltd. Ubuntu 18.04 LTS , Canonical Ltd. Ubuntu 18.10 , Apple Inc. iOS \u0434\u043e 12.1.3 , Apple Inc. watchOS \u0434\u043e 5.1.3 , Canonical Ltd. Ubuntu 19.04 , Apple Inc. MacOS \u0434\u043e 10.14.2 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 SQLite, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u0437\u0430\u0449\u0438\u0442\u044b \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0437\u0430\u043f\u0440\u043e\u0441\u0430 SQL, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0437\u0430\u043f\u0440\u043e\u0441\u0430 SQL (\u0430\u0442\u0430\u043a\u0438 \u0442\u0438\u043f\u0430 \\\"\u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435  SQL\\\") (CWE-89)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 SQLite \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u0437\u0430\u0449\u0438\u0442\u044b \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0437\u0430\u043f\u0440\u043e\u0441\u0430 SQL. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 (\u0437\u0430\u0432\u0435\u0440\u0448\u0435\u043d\u0438\u0435 \u0440\u0430\u0431\u043e\u0442\u044b \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f) \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0445 \u043e\u043f\u0435\u0440\u0430\u0442\u043e\u0440\u043e\u0432 SQL",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://usn.ubuntu.com/4019-1/\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20505\nhttps://www.suse.com/security/cve/CVE-2018-20505/\nhttps://support.apple.com/kb/HT209443 \nhttps://support.apple.com/kb/HT209446\nhttps://support.apple.com/kb/HT209447 \nhttps://support.apple.com/kb/HT209448 \nhttps://support.apple.com/kb/HT209450 \nhttps://support.apple.com/kb/HT209451",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0423\u0411\u0414, \u041f\u041e \u0434\u043b\u044f \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u0418\u0418",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-89",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}

CVE-2018-20505 (GCVE-0-2018-20505)

Vulnerability from cvelistv5 – Published: 2019-04-03 17:51 – Updated: 2024-08-05 12:05

Summary

SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://seclists.org/fulldisclosure/2019/Jan/62	x_refsource_MISC
	http://seclists.org/fulldisclosure/2019/Jan/64	x_refsource_MISC
	http://seclists.org/fulldisclosure/2019/Jan/66	x_refsource_MISC
	http://seclists.org/fulldisclosure/2019/Jan/67	x_refsource_MISC
	http://seclists.org/fulldisclosure/2019/Jan/68	x_refsource_MISC
	http://seclists.org/fulldisclosure/2019/Jan/69	x_refsource_MISC
	http://www.securityfocus.com/bid/106698	x_refsource_MISC
	https://seclists.org/bugtraq/2019/Jan/28	x_refsource_MISC
	https://seclists.org/bugtraq/2019/Jan/29	x_refsource_MISC
	https://seclists.org/bugtraq/2019/Jan/31	x_refsource_MISC
	https://seclists.org/bugtraq/2019/Jan/32	x_refsource_MISC
	https://seclists.org/bugtraq/2019/Jan/33	x_refsource_MISC
	https://seclists.org/bugtraq/2019/Jan/39	x_refsource_MISC
	https://support.apple.com/kb/HT209443	x_refsource_MISC
	https://support.apple.com/kb/HT209446	x_refsource_MISC
	https://support.apple.com/kb/HT209447	x_refsource_MISC
	https://support.apple.com/kb/HT209448	x_refsource_MISC
	https://support.apple.com/kb/HT209450	x_refsource_MISC
	https://support.apple.com/kb/HT209451	x_refsource_MISC
	https://sqlite.org/src/info/1a84668dcfdebaf12415d	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-2019050…	x_refsource_CONFIRM
	https://usn.ubuntu.com/4019-1/	vendor-advisoryx_refsource_UBUNTU

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:05:17.435Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/Jan/62"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/Jan/64"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/Jan/66"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/Jan/67"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/Jan/68"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/Jan/69"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106698"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Jan/28"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Jan/29"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Jan/31"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Jan/32"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Jan/33"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Jan/39"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT209443"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT209446"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT209447"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT209448"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT209450"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT209451"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://sqlite.org/src/info/1a84668dcfdebaf12415d"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190502-0004/"
          },
          {
            "name": "USN-4019-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4019-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-19T18:06:05.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/Jan/62"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/Jan/64"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/Jan/66"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/Jan/67"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/Jan/68"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/Jan/69"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.securityfocus.com/bid/106698"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://seclists.org/bugtraq/2019/Jan/28"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://seclists.org/bugtraq/2019/Jan/29"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://seclists.org/bugtraq/2019/Jan/31"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://seclists.org/bugtraq/2019/Jan/32"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://seclists.org/bugtraq/2019/Jan/33"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://seclists.org/bugtraq/2019/Jan/39"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/kb/HT209443"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/kb/HT209446"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/kb/HT209447"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/kb/HT209448"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/kb/HT209450"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/kb/HT209451"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://sqlite.org/src/info/1a84668dcfdebaf12415d"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190502-0004/"
        },
        {
          "name": "USN-4019-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4019-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-20505",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://seclists.org/fulldisclosure/2019/Jan/62",
              "refsource": "MISC",
              "url": "http://seclists.org/fulldisclosure/2019/Jan/62"
            },
            {
              "name": "http://seclists.org/fulldisclosure/2019/Jan/64",
              "refsource": "MISC",
              "url": "http://seclists.org/fulldisclosure/2019/Jan/64"
            },
            {
              "name": "http://seclists.org/fulldisclosure/2019/Jan/66",
              "refsource": "MISC",
              "url": "http://seclists.org/fulldisclosure/2019/Jan/66"
            },
            {
              "name": "http://seclists.org/fulldisclosure/2019/Jan/67",
              "refsource": "MISC",
              "url": "http://seclists.org/fulldisclosure/2019/Jan/67"
            },
            {
              "name": "http://seclists.org/fulldisclosure/2019/Jan/68",
              "refsource": "MISC",
              "url": "http://seclists.org/fulldisclosure/2019/Jan/68"
            },
            {
              "name": "http://seclists.org/fulldisclosure/2019/Jan/69",
              "refsource": "MISC",
              "url": "http://seclists.org/fulldisclosure/2019/Jan/69"
            },
            {
              "name": "http://www.securityfocus.com/bid/106698",
              "refsource": "MISC",
              "url": "http://www.securityfocus.com/bid/106698"
            },
            {
              "name": "https://seclists.org/bugtraq/2019/Jan/28",
              "refsource": "MISC",
              "url": "https://seclists.org/bugtraq/2019/Jan/28"
            },
            {
              "name": "https://seclists.org/bugtraq/2019/Jan/29",
              "refsource": "MISC",
              "url": "https://seclists.org/bugtraq/2019/Jan/29"
            },
            {
              "name": "https://seclists.org/bugtraq/2019/Jan/31",
              "refsource": "MISC",
              "url": "https://seclists.org/bugtraq/2019/Jan/31"
            },
            {
              "name": "https://seclists.org/bugtraq/2019/Jan/32",
              "refsource": "MISC",
              "url": "https://seclists.org/bugtraq/2019/Jan/32"
            },
            {
              "name": "https://seclists.org/bugtraq/2019/Jan/33",
              "refsource": "MISC",
              "url": "https://seclists.org/bugtraq/2019/Jan/33"
            },
            {
              "name": "https://seclists.org/bugtraq/2019/Jan/39",
              "refsource": "MISC",
              "url": "https://seclists.org/bugtraq/2019/Jan/39"
            },
            {
              "name": "https://support.apple.com/kb/HT209443",
              "refsource": "MISC",
              "url": "https://support.apple.com/kb/HT209443"
            },
            {
              "name": "https://support.apple.com/kb/HT209446",
              "refsource": "MISC",
              "url": "https://support.apple.com/kb/HT209446"
            },
            {
              "name": "https://support.apple.com/kb/HT209447",
              "refsource": "MISC",
              "url": "https://support.apple.com/kb/HT209447"
            },
            {
              "name": "https://support.apple.com/kb/HT209448",
              "refsource": "MISC",
              "url": "https://support.apple.com/kb/HT209448"
            },
            {
              "name": "https://support.apple.com/kb/HT209450",
              "refsource": "MISC",
              "url": "https://support.apple.com/kb/HT209450"
            },
            {
              "name": "https://support.apple.com/kb/HT209451",
              "refsource": "MISC",
              "url": "https://support.apple.com/kb/HT209451"
            },
            {
              "name": "https://sqlite.org/src/info/1a84668dcfdebaf12415d",
              "refsource": "MISC",
              "url": "https://sqlite.org/src/info/1a84668dcfdebaf12415d"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190502-0004/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190502-0004/"
            },
            {
              "name": "USN-4019-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4019-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-20505",
    "datePublished": "2019-04-03T17:51:41.000Z",
    "dateReserved": "2018-12-26T00:00:00.000Z",
    "dateUpdated": "2024-08-05T12:05:17.435Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2020-02776

CVE-2018-20505 (GCVE-0-2018-20505)

Tags

Sightings

Nomenclature