7.5

CVE-2018-20505

Exploit
SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SqliteSqlite Version <= 3.25.2
AppleiPhone OS Version < 12.1.3
ApplemacOS X Version < 10.14.2
ApplewatchOS Version < 5.1.3
AppleiCloud Version < 7.10
   MicrosoftWindows Version-
AppleiTunes Version < 12.9.3
   MicrosoftWindows Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.77% 0.931
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

https://usn.ubuntu.com/4019-1/
http://seclists.org/fulldisclosure/2019/Jan/62
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2019/Jan/64
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2019/Jan/66
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2019/Jan/67
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2019/Jan/68
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2019/Jan/69
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/106698
Third Party Advisory
VDB Entry
https://seclists.org/bugtraq/2019/Jan/28
Third Party Advisory
Mailing List
https://seclists.org/bugtraq/2019/Jan/29
Third Party Advisory
Mailing List
https://seclists.org/bugtraq/2019/Jan/31
Third Party Advisory
Mailing List
https://seclists.org/bugtraq/2019/Jan/32
Third Party Advisory
Mailing List
https://seclists.org/bugtraq/2019/Jan/33
Third Party Advisory
Mailing List
https://seclists.org/bugtraq/2019/Jan/39
Third Party Advisory
Mailing List
https://security.netapp.com/advisory/ntap-20190502-0004/
Third Party Advisory
https://sqlite.org/src/info/1a84668dcfdebaf12415d
Vendor Advisory
Exploit
https://support.apple.com/kb/HT209443
Vendor Advisory
https://support.apple.com/kb/HT209446
Vendor Advisory
https://support.apple.com/kb/HT209447
Vendor Advisory
https://support.apple.com/kb/HT209448
Vendor Advisory
https://support.apple.com/kb/HT209450
Vendor Advisory
https://support.apple.com/kb/HT209451
Vendor Advisory