Description

SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).

Remediation

References

CVE-2018-20505

Related Vulnerabilities

MediaWiki remote code execution

WordPress Plugin Post Thumbnail Editor Multiple Cross-Site Request Forgery Vulnerabilities (2.4.1)

Ruby on Rails Resource Management Errors Vulnerability (CVE-2016-0751)

WordPress Plugin NextGEN Gallery-WordPress Gallery 'xml/media-rss.php' Cross-Site Scripting (1.5.1)

WordPress Plugin WP Video Lightbox Cross-Site Scripting (1.9.2)

Severity

High

Classification

CVE-2018-20505 CWE-138 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities