Home

CVE-2018-20506

Description

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a merge operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.

Risk Information

Base Score
8.1
MODERATE
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
8.492

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in Apple iTunes (X64) 12.9.3Windows
Multiple Vulnerabilities are affected in Apple iTunes 12.9.3Windows
Multiple vulnerabilities are fixed in macOS Mojave 10.14.3Mac
Multiple vulnerabilities are fixed in macOS Mojave 10.14.3 Combo UpdateMac
Vulnerabilities CVE-2018-20506,CVE-2019-8542 are affected in Apple iTunes For Mac 12.9.3Mac
SUSE-SU-2019:0913-1(SUSE Linux Enterprise Desktop 12-SP4 ) libsqlite3-0-3.8.10.2-9.3.1.x86_64.rpmLinux
SUSE-SU-2019:0913-1(SUSE Linux Enterprise Desktop 12-SP4 ) libsqlite3-0-32bit-3.8.10.2-9.3.1.x86_64.rpmLinux
SUSE-SU-2019:0913-1(SUSE Linux Enterprise Desktop 12-SP4 ) libsqlite3-0-debuginfo-3.8.10.2-9.3.1.x86_64.rpmLinux
SUSE-SU-2019:0913-1(SUSE Linux Enterprise Desktop 12-SP4 ) libsqlite3-0-debuginfo-32bit-3.8.10.2-9.3.1.x86_64.rpmLinux
SUSE-SU-2019:0913-1(SUSE Linux Enterprise Desktop 12-SP3 ) sqlite3-3.8.10.2-9.3.1.x86_64.rpmLinux
SUSE-SU-2019:0913-1(SUSE Linux Enterprise Desktop 12-SP3 ) sqlite3-debuginfo-3.8.10.2-9.3.1.x86_64.rpmLinux
SUSE-SU-2019:0913-1(SUSE Linux Enterprise Desktop 12-SP3 ) sqlite3-debugsource-3.8.10.2-9.3.1.x86_64.rpmLinux
Integer Overflow or Wraparound Vulnerability (CVE-2018-20506)NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-602004macOS Mojave 10.14.6
PATCH-602005macOS Mojave 10.14.6 Combo Update

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234