Vulnerability Details : CVE-2018-20346
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2018-20346
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
- cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-20346
- EPSS score: 91.07% (probability of exploitation activity in the next 30 days)
- Percentile: ~99% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2018-20346
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
8.1 | HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.2 | 5.9 | NIST | |
CWE ids for CVE-2018-20346
- The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-20346
- https://support.apple.com/HT209447
  About the security content of tvOS 12.1.2 - Apple Support
- https://github.com/zhuowei/worthdoingbadly.com/blob/master/_posts/2018-12-14-sqlitebug.html
  worthdoingbadly.com/2018-12-14-sqlitebug.html at master · zhuowei/worthdoingbadly.com · GitHub [Exploit; Third Party Advisory]
- https://www.freebsd.org/security/advisories/FreeBSD-EN-19:03.sqlite.asc
  [Third Party Advisory]
- https://support.apple.com/HT209451
  About the security content of iCloud for Windows 7.10 - Apple Support
- https://news.ycombinator.com/item?id=18685296
  Remote code execution vulnerability in SQLite | Hacker News [Third Party Advisory]
- https://www.oracle.com/security-alerts/cpuapr2020.html
  Oracle Critical Patch Update Advisory - April 2020
- https://crbug.com/900910
  900910 - Multiple vulnerabilities in sqlite; Cast is 1 attack vector/target - chromium - Monorail [Permissions Required; Third Party Advisory]
- https://support.apple.com/HT209448
  About the security content of watchOS 5.1.3 - Apple Support
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00040.html
  [security-announce] openSUSE-SU-2019:1159-1: moderate: Security update f [Third Party Advisory]
- https://bugzilla.redhat.com/show_bug.cgi?id=1659677
  1659677 – CVE-2018-20346 sqlite: Multiple flaws in sqlite which can be triggered via corrupted internal databases (Magellan) [fedora-all] [Issue Tracking; Third Party Advisory]
- https://lists.debian.org/debian-lts-announce/2018/12/msg00012.html
  [SECURITY] [DLA 1613-1] sqlite3 security update [Mailing List; Third Party Advisory]
- https://usn.ubuntu.com/4019-1/
  USN-4019-1: SQLite vulnerabilities | Ubuntu security notices
- https://www.synology.com/security/advisory/Synology_SA_18_61
  Synology Inc. [Third Party Advisory]
- https://support.apple.com/HT209450
  About the security content of iTunes 12.9.3 for Windows - Apple Support
- https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html
  [SECURITY] [DLA 2340-1] sqlite3 security update
- https://usn.ubuntu.com/4019-2/
  USN-4019-2: SQLite vulnerabilities | Ubuntu security notices
- https://chromium.googlesource.com/chromium/src/+/c368e30ae55600a1c3c9cb1710a54f9c55de786e
  c368e30ae55600a1c3c9cb1710a54f9c55de786e - chromium/src - Git at Google [Third Party Advisory]
- https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg113218.html
  Re: [sqlite] Claimed vulnerability in SQLite: Info or Intox? [Mailing List; Third Party Advisory]
- https://www.sqlite.org/releaselog/3_25_3.html
  SQLite Release 3.25.3 On 2018-11-05 [Release Notes; Vendor Advisory]
- https://support.apple.com/HT209446
  About the security content of macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra - Apple Support
- https://sqlite.org/src/info/d44318f59044162e
  SQLite: Check-in [d44318f5] [Patch; Third Party Advisory]
- http://www.securityfocus.com/bid/106323
  SQLite CVE-2018-20346 Remote Integer Overflow Vulnerability [Third Party Advisory; VDB Entry]
- https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
  Chrome Releases: Stable Channel Update for Desktop [Third Party Advisory]
- https://security.gentoo.org/glsa/201904-21
  SQLite: Remote code execution (GLSA 201904-21) — Gentoo security [Third Party Advisory]
- https://bugzilla.redhat.com/show_bug.cgi?id=1659379
  1659379 – (CVE-2018-20346, CVE-2018-20505, CVE-2018-20506) CVE-2018-20346 CVE-2018-20505 CVE-2018-20506 sqlite: Multiple flaws in sqlite which can be triggered via corrupted internal databases (Magell [Issue Tracking; Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html
  [security-announce] openSUSE-SU-2019:1222-1: moderate: Security update f [Mailing List; Third Party Advisory]
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/
  [SECURITY] Fedora 29 Update: mingw-sqlite-3.26.0.0-1.fc29 - package-announce - Fedora Mailing-Lists
- https://worthdoingbadly.com/sqlitebug/
  Crash Chrome 70 with the SQLite Magellan bug | Worth Doing Badly [Exploit; Third Party Advisory]
- https://blade.tencent.com/magellan/index_en.html
  Magellan - Tencent Blade Team [Third Party Advisory]
- https://access.redhat.com/articles/3758321
  Multiple remote code execution flaws in sqlite (Magellan) - Red Hat Customer Portal [Third Party Advisory]
- https://support.apple.com/HT209443
  About the security content of iOS 12.1.3 - Apple Support
- https://sqlite.org/src/info/940f2adc8541a838
  SQLite: Check-in [940f2adc] [Patch; Third Party Advisory]
- https://kc.mcafee.com/corporate/index?page=content&id=SB10365
  Security Bulletin - Policy Auditor update fixes multiple vulnerabilities in third-party libraries (CVE-2016-0718, CVE-2016-4472, CVE-2016-5300, CVE-2017-17740, CVE-2017-9287, CVE-2019-13057, CVE-2020-