{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-06-19T18:06:05", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://seclists.org/fulldisclosure/2019/Jan/62"}, {"tags": ["x_refsource_MISC"], "url": "http://seclists.org/fulldisclosure/2019/Jan/64"}, {"tags": ["x_refsource_MISC"], "url": "http://seclists.org/fulldisclosure/2019/Jan/66"}, {"tags": ["x_refsource_MISC"], "url": "http://seclists.org/fulldisclosure/2019/Jan/67"}, {"tags": ["x_refsource_MISC"], "url": "http://seclists.org/fulldisclosure/2019/Jan/68"}, {"tags": ["x_refsource_MISC"], "url": "http://seclists.org/fulldisclosure/2019/Jan/69"}, {"tags": ["x_refsource_MISC"], "url": "http://www.securityfocus.com/bid/106698"}, {"tags": ["x_refsource_MISC"], "url": "https://seclists.org/bugtraq/2019/Jan/28"}, {"tags": ["x_refsource_MISC"], "url": "https://seclists.org/bugtraq/2019/Jan/29"}, {"tags": ["x_refsource_MISC"], "url": "https://seclists.org/bugtraq/2019/Jan/31"}, {"tags": ["x_refsource_MISC"], "url": "https://seclists.org/bugtraq/2019/Jan/32"}, {"tags": ["x_refsource_MISC"], "url": "https://seclists.org/bugtraq/2019/Jan/33"}, {"tags": ["x_refsource_MISC"], "url": "https://seclists.org/bugtraq/2019/Jan/39"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/kb/HT209443"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/kb/HT209446"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/kb/HT209447"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/kb/HT209448"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/kb/HT209450"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/kb/HT209451"}, {"tags": ["x_refsource_MISC"], "url": "https://sqlite.org/src/info/1a84668dcfdebaf12415d"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20190502-0004/"}, {"name": "USN-4019-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4019-1/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20505", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://seclists.org/fulldisclosure/2019/Jan/62", "refsource": "MISC", "url": "http://seclists.org/fulldisclosure/2019/Jan/62"}, {"name": "http://seclists.org/fulldisclosure/2019/Jan/64", "refsource": "MISC", "url": "http://seclists.org/fulldisclosure/2019/Jan/64"}, {"name": "http://seclists.org/fulldisclosure/2019/Jan/66", "refsource": "MISC", "url": "http://seclists.org/fulldisclosure/2019/Jan/66"}, {"name": "http://seclists.org/fulldisclosure/2019/Jan/67", "refsource": "MISC", "url": "http://seclists.org/fulldisclosure/2019/Jan/67"}, {"name": "http://seclists.org/fulldisclosure/2019/Jan/68", "refsource": "MISC", "url": "http://seclists.org/fulldisclosure/2019/Jan/68"}, {"name": "http://seclists.org/fulldisclosure/2019/Jan/69", "refsource": "MISC", "url": "http://seclists.org/fulldisclosure/2019/Jan/69"}, {"name": "http://www.securityfocus.com/bid/106698", "refsource": "MISC", "url": "http://www.securityfocus.com/bid/106698"}, {"name": "https://seclists.org/bugtraq/2019/Jan/28", "refsource": "MISC", "url": "https://seclists.org/bugtraq/2019/Jan/28"}, {"name": "https://seclists.org/bugtraq/2019/Jan/29", "refsource": "MISC", "url": "https://seclists.org/bugtraq/2019/Jan/29"}, {"name": "https://seclists.org/bugtraq/2019/Jan/31", "refsource": "MISC", "url": "https://seclists.org/bugtraq/2019/Jan/31"}, {"name": "https://seclists.org/bugtraq/2019/Jan/32", "refsource": "MISC", "url": "https://seclists.org/bugtraq/2019/Jan/32"}, {"name": "https://seclists.org/bugtraq/2019/Jan/33", "refsource": "MISC", "url": "https://seclists.org/bugtraq/2019/Jan/33"}, {"name": "https://seclists.org/bugtraq/2019/Jan/39", "refsource": "MISC", "url": "https://seclists.org/bugtraq/2019/Jan/39"}, {"name": "https://support.apple.com/kb/HT209443", "refsource": "MISC", "url": "https://support.apple.com/kb/HT209443"}, {"name": "https://support.apple.com/kb/HT209446", "refsource": "MISC", "url": "https://support.apple.com/kb/HT209446"}, {"name": "https://support.apple.com/kb/HT209447", "refsource": "MISC", "url": "https://support.apple.com/kb/HT209447"}, {"name": "https://support.apple.com/kb/HT209448", "refsource": "MISC", "url": "https://support.apple.com/kb/HT209448"}, {"name": "https://support.apple.com/kb/HT209450", "refsource": "MISC", "url": "https://support.apple.com/kb/HT209450"}, {"name": "https://support.apple.com/kb/HT209451", "refsource": "MISC", "url": "https://support.apple.com/kb/HT209451"}, {"name": "https://sqlite.org/src/info/1a84668dcfdebaf12415d", "refsource": "MISC", "url": "https://sqlite.org/src/info/1a84668dcfdebaf12415d"}, {"name": "https://security.netapp.com/advisory/ntap-20190502-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190502-0004/"}, {"name": "USN-4019-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4019-1/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T12:05:17.435Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2019/Jan/62"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2019/Jan/64"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2019/Jan/66"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2019/Jan/67"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2019/Jan/68"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2019/Jan/69"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.securityfocus.com/bid/106698"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Jan/28"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Jan/29"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Jan/31"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Jan/32"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Jan/33"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Jan/39"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/kb/HT209443"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/kb/HT209446"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/kb/HT209447"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/kb/HT209448"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/kb/HT209450"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/kb/HT209451"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://sqlite.org/src/info/1a84668dcfdebaf12415d"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20190502-0004/"}, {"name": "USN-4019-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4019-1/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20505", "datePublished": "2019-04-03T17:51:41", "dateReserved": "2018-12-26T00:00:00", "dateUpdated": "2024-08-05T12:05:17.435Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*", "matchCriteriaId": "020C961B-427C-4598-9EB0-0042020C54B3", "versionEndIncluding": "3.25.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2160390-120A-4096-8A39-3CE6F440D8AC", "versionEndExcluding": "12.1.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "739E57BC-3CD1-40F1-85C1-7CE868815DB9", "versionEndExcluding": "10.14.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "matchCriteriaId": "9F8B7E29-97B5-486D-BC28-FA0FF533C0FC", "versionEndExcluding": "5.1.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*", "matchCriteriaId": "705607A4-ED66-4141-ADB8-FBCF1B268614", "versionEndExcluding": "7.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*", "matchCriteriaId": "3C2E6352-2B45-4FE3-88E1-E8E54FC0A0D3", "versionEndExcluding": "12.9.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases)."}, {"lang": "es", "value": "SQLite 3.25.2, cuando se ejecutan consultas en una tabla con una CLAVE PRIMARIA mal formada, permite que los atacantes remotos provoquen una denegaci\u00f3n de servicio (cierre inesperado de la aplicaci\u00f3n), explotando la posibilidad de ejecutar declaraciones SQL arbitrarias (como en ciertos casos de uso de WebSQL)."}], "id": "CVE-2018-20505", "lastModified": "2019-06-19T19:15:10.937", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-04-03T18:29:00.673", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2019/Jan/62"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2019/Jan/64"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2019/Jan/66"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2019/Jan/67"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2019/Jan/68"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2019/Jan/69"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/106698"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Jan/28"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Jan/29"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Jan/31"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Jan/32"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Jan/33"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Jan/39"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190502-0004/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "https://sqlite.org/src/info/1a84668dcfdebaf12415d"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT209443"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT209446"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT209447"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT209448"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT209450"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT209451"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4019-1/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "sqlite: Multiple flaws in sqlite which can be triggered via corrupted internal databases (Magellan)", "id": "1659379", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1659379"}, "csaw": true, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).", "Multiple flaws were found in sqlite. An attacker having the ability to run arbitrary SQL commands could use this flaw to execute arbitrary code with the permission of the user running the sqlite application."], "name": "CVE-2018-20505", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "sqlite", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "sqlite", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "sqlite", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "sqlite", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2018-12-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-20505\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20505\nhttps://access.redhat.com/articles/3758321\nhttps://blade.tencent.com/magellan/index_en.html\nhttps://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"], "statement": "This flaw does not affect the versions of sqlite package shipped with Red Hat Enterprise Linux 5, 6 and 7. This flaw in sqlite can be exploited by attackers only if they are able to run arbitrary SQL statements on the sqlite database. For more information please see https://bugzilla.redhat.com/show_bug.cgi?id=1659379#c12", "threat_severity": "Important"}