{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a \"merge\" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-07-31T07:06:33", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://sqlite.org/src/info/940f2adc8541a838"}, {"tags": ["x_refsource_MISC"], "url": "http://seclists.org/fulldisclosure/2019/Jan/62"}, {"tags": ["x_refsource_MISC"], "url": "http://seclists.org/fulldisclosure/2019/Jan/64"}, {"tags": ["x_refsource_MISC"], "url": "http://seclists.org/fulldisclosure/2019/Jan/66"}, {"tags": ["x_refsource_MISC"], "url": "http://seclists.org/fulldisclosure/2019/Jan/67"}, {"tags": ["x_refsource_MISC"], "url": "http://seclists.org/fulldisclosure/2019/Jan/68"}, {"tags": ["x_refsource_MISC"], "url": "http://seclists.org/fulldisclosure/2019/Jan/69"}, {"tags": ["x_refsource_MISC"], "url": "http://www.securityfocus.com/bid/106698"}, {"tags": ["x_refsource_MISC"], "url": "https://seclists.org/bugtraq/2019/Jan/28"}, {"tags": ["x_refsource_MISC"], "url": "https://seclists.org/bugtraq/2019/Jan/29"}, {"tags": ["x_refsource_MISC"], "url": "https://seclists.org/bugtraq/2019/Jan/31"}, {"tags": ["x_refsource_MISC"], "url": "https://seclists.org/bugtraq/2019/Jan/32"}, {"tags": ["x_refsource_MISC"], "url": "https://seclists.org/bugtraq/2019/Jan/33"}, {"tags": ["x_refsource_MISC"], "url": "https://seclists.org/bugtraq/2019/Jan/39"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/kb/HT209443"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/kb/HT209446"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/kb/HT209447"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/kb/HT209448"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/kb/HT209450"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/kb/HT209451"}, {"name": "openSUSE-SU-2019:1222", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20190502-0004/"}, {"name": "USN-4019-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4019-1/"}, {"name": "USN-4019-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4019-2/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"name": "[debian-lts-announce] 20200822 [SECURITY] [DLA 2340-1] sqlite3 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10365"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20506", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a \"merge\" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://sqlite.org/src/info/940f2adc8541a838", "refsource": "MISC", "url": "https://sqlite.org/src/info/940f2adc8541a838"}, {"name": "http://seclists.org/fulldisclosure/2019/Jan/62", "refsource": "MISC", "url": "http://seclists.org/fulldisclosure/2019/Jan/62"}, {"name": "http://seclists.org/fulldisclosure/2019/Jan/64", "refsource": "MISC", "url": "http://seclists.org/fulldisclosure/2019/Jan/64"}, {"name": "http://seclists.org/fulldisclosure/2019/Jan/66", "refsource": "MISC", "url": "http://seclists.org/fulldisclosure/2019/Jan/66"}, {"name": "http://seclists.org/fulldisclosure/2019/Jan/67", "refsource": "MISC", "url": "http://seclists.org/fulldisclosure/2019/Jan/67"}, {"name": "http://seclists.org/fulldisclosure/2019/Jan/68", "refsource": "MISC", "url": "http://seclists.org/fulldisclosure/2019/Jan/68"}, {"name": "http://seclists.org/fulldisclosure/2019/Jan/69", "refsource": "MISC", "url": "http://seclists.org/fulldisclosure/2019/Jan/69"}, {"name": "http://www.securityfocus.com/bid/106698", "refsource": "MISC", "url": "http://www.securityfocus.com/bid/106698"}, {"name": "https://seclists.org/bugtraq/2019/Jan/28", "refsource": "MISC", "url": "https://seclists.org/bugtraq/2019/Jan/28"}, {"name": "https://seclists.org/bugtraq/2019/Jan/29", "refsource": "MISC", "url": "https://seclists.org/bugtraq/2019/Jan/29"}, {"name": "https://seclists.org/bugtraq/2019/Jan/31", "refsource": "MISC", "url": "https://seclists.org/bugtraq/2019/Jan/31"}, {"name": "https://seclists.org/bugtraq/2019/Jan/32", "refsource": "MISC", "url": "https://seclists.org/bugtraq/2019/Jan/32"}, {"name": "https://seclists.org/bugtraq/2019/Jan/33", "refsource": "MISC", "url": "https://seclists.org/bugtraq/2019/Jan/33"}, {"name": "https://seclists.org/bugtraq/2019/Jan/39", "refsource": "MISC", "url": "https://seclists.org/bugtraq/2019/Jan/39"}, {"name": "https://support.apple.com/kb/HT209443", "refsource": "MISC", "url": "https://support.apple.com/kb/HT209443"}, {"name": "https://support.apple.com/kb/HT209446", "refsource": "MISC", "url": "https://support.apple.com/kb/HT209446"}, {"name": "https://support.apple.com/kb/HT209447", "refsource": "MISC", "url": "https://support.apple.com/kb/HT209447"}, {"name": "https://support.apple.com/kb/HT209448", "refsource": "MISC", "url": "https://support.apple.com/kb/HT209448"}, {"name": "https://support.apple.com/kb/HT209450", "refsource": "MISC", "url": "https://support.apple.com/kb/HT209450"}, {"name": "https://support.apple.com/kb/HT209451", "refsource": "MISC", "url": "https://support.apple.com/kb/HT209451"}, {"name": "openSUSE-SU-2019:1222", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html"}, {"name": "https://security.netapp.com/advisory/ntap-20190502-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190502-0004/"}, {"name": "USN-4019-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4019-1/"}, {"name": "USN-4019-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4019-2/"}, {"name": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"name": "[debian-lts-announce] 20200822 [SECURITY] [DLA 2340-1] sqlite3 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html"}, {"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10365"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T12:05:17.401Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://sqlite.org/src/info/940f2adc8541a838"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2019/Jan/62"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2019/Jan/64"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2019/Jan/66"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2019/Jan/67"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2019/Jan/68"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2019/Jan/69"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.securityfocus.com/bid/106698"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Jan/28"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Jan/29"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Jan/31"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Jan/32"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Jan/33"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Jan/39"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/kb/HT209443"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/kb/HT209446"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/kb/HT209447"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/kb/HT209448"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/kb/HT209450"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/kb/HT209451"}, {"name": "openSUSE-SU-2019:1222", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20190502-0004/"}, {"name": "USN-4019-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4019-1/"}, {"name": "USN-4019-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4019-2/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"name": "[debian-lts-announce] 20200822 [SECURITY] [DLA 2340-1] sqlite3 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10365"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20506", "datePublished": "2019-04-03T17:50:54", "dateReserved": "2018-12-26T00:00:00", "dateUpdated": "2024-08-05T12:05:17.401Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*", "matchCriteriaId": "00D1E0B0-910B-4661-9E93-64746C0441A4", "versionEndExcluding": "3.25.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2160390-120A-4096-8A39-3CE6F440D8AC", "versionEndExcluding": "12.1.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "5EC331DC-EE67-426B-8C75-1E0E070901B8", "versionEndExcluding": "10.14.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "matchCriteriaId": "CDF826E3-9EA2-4EEF-94C9-CDBFA61BB083", "versionEndExcluding": "12.1.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "matchCriteriaId": "9F8B7E29-97B5-486D-BC28-FA0FF533C0FC", "versionEndExcluding": "5.1.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*", "matchCriteriaId": "3250E005-6D79-4828-A31E-F4D132F9E6FF", "versionEndIncluding": "7.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*", "matchCriteriaId": "AE43E1DC-CC1C-411D-A28D-9FCB3679554A", "versionEndIncluding": "12.9.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a \"merge\" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346."}, {"lang": "es", "value": "En SQLite, en versiones anteriores a la 3.25.3, cuando est\u00e1 habilitada la extensi\u00f3n FTS3, hay un desbordamiento de enteros que resulta en un desbordamiento de b\u00fafer para consultas FTS3 en una operaci\u00f3n de uni\u00f3n que ocurre despu\u00e9s de que se realicen cambios manipulados en las tablas de sombras de FTS3. Esto permite que atacantes remotos ejecuten c\u00f3digo arbitrario, explotando la posibilidad de ejecutar declaraciones SQL arbitrarias (como en ciertos casos de uso de WebSQL). Esta vulnerabilidad es diferente de CVE-2018-20346."}], "id": "CVE-2018-20506", "lastModified": "2024-11-21T04:01:37.740", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-04-03T18:29:01.313", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2019/Jan/62"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2019/Jan/64"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2019/Jan/66"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2019/Jan/67"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2019/Jan/68"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2019/Jan/69"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/106698"}, {"source": "cve@mitre.org", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10365"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Jan/28"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Jan/29"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Jan/31"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Jan/32"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Jan/33"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Jan/39"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190502-0004/"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://sqlite.org/src/info/940f2adc8541a838"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT209443"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT209446"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT209447"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT209448"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT209450"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT209451"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4019-1/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4019-2/"}, {"source": "cve@mitre.org", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2019/Jan/62"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2019/Jan/64"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2019/Jan/66"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2019/Jan/67"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2019/Jan/68"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2019/Jan/69"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/106698"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10365"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Jan/28"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Jan/29"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Jan/31"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Jan/32"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Jan/33"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Jan/39"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190502-0004/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://sqlite.org/src/info/940f2adc8541a838"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT209443"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT209446"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT209447"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT209448"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT209450"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT209451"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4019-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4019-2/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "sqlite: Multiple flaws in sqlite which can be triggered via corrupted internal databases (Magellan)", "id": "1659379", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1659379"}, "csaw": true, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a \"merge\" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.", "Multiple flaws were found in sqlite. An attacker having the ability to run arbitrary SQL commands could use this flaw to execute arbitrary code with the permission of the user running the sqlite application."], "name": "CVE-2018-20506", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "sqlite", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "sqlite", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "sqlite", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "sqlite", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2018-12-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-20506\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20506\nhttps://access.redhat.com/articles/3758321\nhttps://blade.tencent.com/magellan/index_en.html\nhttps://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"], "statement": "This flaw does not affect the versions of sqlite package shipped with Red Hat Enterprise Linux 5, 6 and 7. This flaw in sqlite can be exploited by attackers only if they are able to run arbitrary SQL statements on the sqlite database. For more information please see https://bugzilla.redhat.com/show_bug.cgi?id=1659379#c12", "threat_severity": "Important"}