Description

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.

Remediation

References

CVE-2018-20346

Related Vulnerabilities

Oracle Database Server CVE-2014-4296 Vulnerability (CVE-2014-4296)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-4630)

WordPress Plugin WordPress Download Manager Multiple Vulnerabilities (3.1.24)

b2evolution Credentials Management Errors Vulnerability (CVE-2016-9479)

Oracle Database Server Incorrect Calculation of Buffer Size Vulnerability (CVE-2004-1363)

Severity

High

Classification

CVE-2018-20346 CWE-190 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities