8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.909 High
EPSS
Percentile
98.8%
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an
integer overflow (and resultant buffer overflow) for FTS3 queries that
occur after crafted changes to FTS3 shadow tables, allowing remote
attackers to execute arbitrary code by leveraging the ability to run
arbitrary SQL statements (such as in certain WebSQL use cases), aka
Magellan.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | sqlite3 | < 3.22.0-1ubuntu0.1 | UNKNOWN |
ubuntu | 18.10 | noarch | sqlite3 | < 3.24.0-1ubuntu0.1 | UNKNOWN |
ubuntu | 14.04 | noarch | sqlite3 | < 3.8.2-1ubuntu2.2+esm1) Available with Ubuntu Pro or Ubuntu Pro (Infra-only | UNKNOWN |
ubuntu | 16.04 | noarch | sqlite3 | < 3.11.0-1ubuntu1.2 | UNKNOWN |
access.redhat.com/articles/3758321
blade.tencent.com/magellan/index_en.html
bugzilla.redhat.com/show_bug.cgi?id=1659379
bugzilla.redhat.com/show_bug.cgi?id=1659677
chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
chromium.googlesource.com/chromium/src/+/c368e30ae55600a1c3c9cb1710a54f9c55de786e
crbug.com/900910
github.com/zhuowei/worthdoingbadly.com/blob/master/_posts/2018-12-14-sqlitebug.html
launchpad.net/bugs/cve/CVE-2018-20346
lists.debian.org/debian-lts-announce/2018/12/msg00012.html
news.ycombinator.com/item?id=18685296
nvd.nist.gov/vuln/detail/CVE-2018-20346
security-tracker.debian.org/tracker/CVE-2018-20346
sqlite.org/src/info/940f2adc8541a838
sqlite.org/src/info/d44318f59044162e
ubuntu.com/security/notices/USN-4019-1
ubuntu.com/security/notices/USN-4019-2
worthdoingbadly.com/sqlitebug/
www.cve.org/CVERecord?id=CVE-2018-20346
www.mail-archive.com/[email protected]/msg113218.html
www.sqlite.org/releaselog/3_25_3.html
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.909 High
EPSS
Percentile
98.8%