Home

CVE-2018-20346

Description

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.

Risk Information

Base Score
8.1
MODERATE
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
13.215

Associated Vulnerability

VulnerabilityOS Platform
iCloud 7.10.0.9Windows
Multiple vulnerabilities are fixed in macOS Mojave 10.14.3Mac
Multiple vulnerabilities are fixed in macOS Mojave 10.14.3 Combo UpdateMac
C library that implements an SQL database engine (USN-2698-1) libsqlite3-0_3.8.2-1ubuntu2.2_i386.debLinux
C library that implements an SQL database engine (USN-2698-1) libsqlite3-0_3.8.2-1ubuntu2.2_amd64.debLinux
SUSE-SU-2019:0913-1(SUSE Linux Enterprise Desktop 12-SP4 ) libsqlite3-0-3.8.10.2-9.3.1.x86_64.rpmLinux
SUSE-SU-2019:0913-1(SUSE Linux Enterprise Desktop 12-SP4 ) libsqlite3-0-32bit-3.8.10.2-9.3.1.x86_64.rpmLinux
SUSE-SU-2019:0913-1(SUSE Linux Enterprise Desktop 12-SP4 ) libsqlite3-0-debuginfo-3.8.10.2-9.3.1.x86_64.rpmLinux
SUSE-SU-2019:0913-1(SUSE Linux Enterprise Desktop 12-SP4 ) libsqlite3-0-debuginfo-32bit-3.8.10.2-9.3.1.x86_64.rpmLinux
SUSE-SU-2019:0913-1(SUSE Linux Enterprise Desktop 12-SP3 ) sqlite3-3.8.10.2-9.3.1.x86_64.rpmLinux
SUSE-SU-2019:0913-1(SUSE Linux Enterprise Desktop 12-SP3 ) sqlite3-debuginfo-3.8.10.2-9.3.1.x86_64.rpmLinux
SUSE-SU-2019:0913-1(SUSE Linux Enterprise Desktop 12-SP3 ) sqlite3-debugsource-3.8.10.2-9.3.1.x86_64.rpmLinux
SUSE-SU-2019:14003-1(SUSE Linux Enterprise Server 11-SP4 ) libsqlite3-0-3.7.6.3-1.4.7.3.1.i586.rpmLinux
SUSE-SU-2019:14003-1(SUSE Linux Enterprise Server 11-SP4 ) libsqlite3-0-3.7.6.3-1.4.7.3.1.x86_64.rpmLinux
SUSE-SU-2019:14003-1(SUSE Linux Enterprise Server 11-SP4 ) libsqlite3-0-32bit-3.7.6.3-1.4.7.3.1.x86_64.rpmLinux
SUSE-SU-2019:14003-1(SUSE Linux Enterprise Server 11-SP4 ) sqlite3-3.7.6.3-1.4.7.3.1.i586.rpmLinux
SUSE-SU-2019:14003-1(SUSE Linux Enterprise Server 11-SP4 ) sqlite3-3.7.6.3-1.4.7.3.1.x86_64.rpmLinux
Integer Overflow or Wraparound Vulnerability (CVE-2018-20346)NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-308837iCloud 7.10.0.9
PATCH-602004macOS Mojave 10.14.6
PATCH-602005macOS Mojave 10.14.6 Combo Update

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234