8.1

CVE-2018-20506

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SqliteSqlite Version < 3.25.3
AppleiPhone OS Version < 12.1.3
ApplemacOS X Version < 10.14.3
AppletvOS Version < 12.1.2
ApplewatchOS Version < 5.1.3
AppleiCloud Version <= 7.10
   MicrosoftWindows Version-
AppleiTunes Version <= 12.9.3
   MicrosoftWindows Version-
OpensuseLeap Version42.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.53% 0.937
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.1 2.2 5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

https://kc.mcafee.com/corporate/index?page=content&id=SB10365
https://www.oracle.com/security-alerts/cpuapr2020.html
https://usn.ubuntu.com/4019-1/
https://usn.ubuntu.com/4019-2/
https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html
Third Party Advisory
Mailing List
https://sqlite.org/src/info/940f2adc8541a838
Vendor Advisory
http://seclists.org/fulldisclosure/2019/Jan/62
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2019/Jan/64
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2019/Jan/66
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2019/Jan/67
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2019/Jan/68
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2019/Jan/69
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/106698
Third Party Advisory
VDB Entry
https://seclists.org/bugtraq/2019/Jan/28
Third Party Advisory
Mailing List
https://seclists.org/bugtraq/2019/Jan/29
Third Party Advisory
Mailing List
https://seclists.org/bugtraq/2019/Jan/31
Third Party Advisory
Mailing List
https://seclists.org/bugtraq/2019/Jan/32
Third Party Advisory
Mailing List
https://seclists.org/bugtraq/2019/Jan/33
Third Party Advisory
Mailing List
https://seclists.org/bugtraq/2019/Jan/39
Third Party Advisory
Mailing List
https://security.netapp.com/advisory/ntap-20190502-0004/
Third Party Advisory
https://support.apple.com/kb/HT209443
Third Party Advisory
https://support.apple.com/kb/HT209446
Third Party Advisory
https://support.apple.com/kb/HT209447
Third Party Advisory
https://support.apple.com/kb/HT209448
Third Party Advisory
https://support.apple.com/kb/HT209450
Third Party Advisory
https://support.apple.com/kb/HT209451
Third Party Advisory