Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

SQLite before 3.25.3 when the FTS3 extension is enabled encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.

🗓️ 30 Jun 2024 14:00:00Reported by MicrosoftType 
mscve
 mscve🔗 msrc.microsoft.com👁 1 Views

SQLite pre-3.25.3 FTS3 merge overflow enables remote code execution via crafted shadow tables.

Related
Detection
ReporterTitlePublishedViews
Family
IBM Security Bulletins		Security Bulletin: Multiple Vulnerabilities in SQLite affects IBM Watson Studio Local
20 Dec 201914:02
ibm
IBM Security Bulletins		Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerability in SQLite (CVE-2018-20346)
7 Dec 202322:45
ibm
IBM Security Bulletins		Security Bulletin: A vulneraqbility in SQLite affects IBM Cloud Application Performance Managment R esponse Time Monitoring Agent (CVE-2018-20346)
26 Apr 201907:50
ibm
IBM Security Bulletins		Security Bulletin: Public disclosed vulnerability from SQLite CVE-2018-20346
10 May 201914:33
ibm
IBM Security Bulletins		Security Bulletin: Guardium StealthBits Integration is affected by an SQLite vulnerability
26 Jun 201919:15
ibm
IBM Security Bulletins		Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerability in SQLite (CVE-2018-20346)
10 Jan 202021:20
ibm
IBM Security Bulletins		Security Bulletin: IBM Security QRadar EDR Software has multiple vulnerabilities
15 Apr 202502:43
ibm
Tenable Nessus		macOS 10.14.x < 10.14.3 Multiple Vulnerabilities
10 Apr 201900:00
nessus
Tenable Nessus		Apple iOS < 12.1.3 Multiple Vulnerabilities (APPLE-SA-2019-1-22-1)
17 Apr 201900:00
nessus
Tenable Nessus		Apple iOS < 12.1.3 Multiple Vulnerabilities
23 Jan 201900:00
nessus
Rows per page
Vulners
Node
microsoftazl3_ceph_16.2.10-3Range<18.2.1-1
OR
microsoftazl3_ceph_18.2.1-1Range<18.2.1-1
OR
microsoftazl3_ceph_18.2.1-1Range<18.2.1-1

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
18 Feb 2026 23:15Current
6.8Medium risk
Vulners AI Score6.8
CVSS 26.8
CVSS 38.1
CVSS 3.18.1
EPSS0.13522
sqlite vulnerabilityfts3 overflowmerge operationshadow tablesremote code executioncrafted changes
1