CVE-2018-20346

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-20346
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-20346.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-20346
Related
Published
2018-12-21T21:29:00Z
Modified
2024-09-11T04:24:59.434567Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.

References

Affected packages

Alpine:v3.6 / sqlite

Package

Name
sqlite
Purl
pkg:apk/alpine/sqlite?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.25.3-r0

Affected versions

3.*

3.6.10-r0
3.6.15-r0
3.6.22-r0
3.6.22-r1
3.6.22-r2
3.7.0-r0
3.7.0.1-r0
3.7.1-r0
3.7.2-r0
3.7.3-r0
3.7.4-r0
3.7.4-r1
3.7.4-r2
3.7.5-r0
3.7.5-r1
3.7.6-r0
3.7.6.1-r0
3.7.6.2-r0
3.7.6.2-r1
3.7.6.3-r0
3.7.7-r0
3.7.7.1-r0
3.7.8-r0
3.7.9-r0
3.7.10-r0
3.7.11-r0
3.7.12-r0
3.7.12.1-r0
3.7.12.1-r1
3.7.12.1-r2
3.7.13-r0
3.7.13-r1
3.7.14-r0
3.7.14.1-r0
3.7.15-r0
3.7.15.1-r0
3.7.15.2-r0
3.7.16.1-r0
3.7.16.2-r0
3.7.17-r0
3.8.0-r0
3.8.0.1-r0
3.8.0.2-r0
3.8.1-r0
3.8.2-r0
3.8.3-r0
3.8.3.1-r0
3.8.4-r0
3.8.4.1-r0
3.8.4.2-r0
3.8.4.3-r0
3.8.4.3-r1
3.8.5-r0
3.8.6-r0
3.8.7-r0
3.8.7.1-r0
3.8.7.2-r0
3.8.7.3-r0
3.8.7.4-r0
3.8.8.1-r0
3.8.8.2-r0
3.8.8.3-r0
3.8.9-r0
3.8.10-r0
3.8.10.1-r0
3.8.10.1-r1
3.8.10.2-r0
3.8.11-r0
3.8.11.1-r0
3.8.11.1-r1
3.9.0-r1
3.9.1-r0
3.9.2-r0
3.10.2-r0
3.11.0-r0
3.11.1-r0
3.12.0-r0
3.12.1-r0
3.12.2-r0
3.12.2-r1
3.13.0-r0
3.14.1-r0
3.14.2-r0
3.15.0-r0
3.15.1-r0
3.15.2-r0
3.16.0-r0
3.16.2-r0
3.17.0-r0
3.17.0-r1
3.18.0-r0
3.20.1-r0
3.20.1-r1
3.20.1-r2

Alpine:v3.7 / sqlite

Package

Name
sqlite
Purl
pkg:apk/alpine/sqlite?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.25.3-r0

Affected versions

3.*

3.6.10-r0
3.6.15-r0
3.6.22-r0
3.6.22-r1
3.6.22-r2
3.7.0-r0
3.7.0.1-r0
3.7.1-r0
3.7.2-r0
3.7.3-r0
3.7.4-r0
3.7.4-r1
3.7.4-r2
3.7.5-r0
3.7.5-r1
3.7.6-r0
3.7.6.1-r0
3.7.6.2-r0
3.7.6.2-r1
3.7.6.3-r0
3.7.7-r0
3.7.7.1-r0
3.7.8-r0
3.7.9-r0
3.7.10-r0
3.7.11-r0
3.7.12-r0
3.7.12.1-r0
3.7.12.1-r1
3.7.12.1-r2
3.7.13-r0
3.7.13-r1
3.7.14-r0
3.7.14.1-r0
3.7.15-r0
3.7.15.1-r0
3.7.15.2-r0
3.7.16.1-r0
3.7.16.2-r0
3.7.17-r0
3.8.0-r0
3.8.0.1-r0
3.8.0.2-r0
3.8.1-r0
3.8.2-r0
3.8.3-r0
3.8.3.1-r0
3.8.4-r0
3.8.4.1-r0
3.8.4.2-r0
3.8.4.3-r0
3.8.4.3-r1
3.8.5-r0
3.8.6-r0
3.8.7-r0
3.8.7.1-r0
3.8.7.2-r0
3.8.7.3-r0
3.8.7.4-r0
3.8.8.1-r0
3.8.8.2-r0
3.8.8.3-r0
3.8.9-r0
3.8.10-r0
3.8.10.1-r0
3.8.10.1-r1
3.8.10.2-r0
3.8.11-r0
3.8.11.1-r0
3.8.11.1-r1
3.9.0-r1
3.9.1-r0
3.9.2-r0
3.10.2-r0
3.11.0-r0
3.11.1-r0
3.12.0-r0
3.12.1-r0
3.12.2-r0
3.12.2-r1
3.13.0-r0
3.14.1-r0
3.14.2-r0
3.15.0-r0
3.15.1-r0
3.15.2-r0
3.16.0-r0
3.16.2-r0
3.17.0-r0
3.17.0-r1
3.18.0-r0
3.18.0-r1
3.19.3-r0
3.20.0-r0
3.20.1-r0
3.21.0-r0
3.21.0-r1

Alpine:v3.8 / sqlite

Package

Name
sqlite
Purl
pkg:apk/alpine/sqlite?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.25.3-r0

Affected versions

3.*

3.6.10-r0
3.6.15-r0
3.6.22-r0
3.6.22-r1
3.6.22-r2
3.7.0-r2
3.7.0.1-r2
3.7.1-r2
3.7.2-r2
3.7.3-r2
3.7.4-r2
3.7.5-r2
3.7.6-r2
3.7.6.1-r2
3.7.6.2-r2
3.7.6.3-r2
3.7.7-r2
3.7.7.1-r2
3.7.8-r2
3.7.9-r2
3.7.10-r2
3.7.11-r2
3.7.12-r2
3.7.12.1-r2
3.7.13-r2
3.7.14-r2
3.7.14.1-r2
3.7.15-r2
3.7.15.1-r2
3.7.15.2-r2
3.7.16.1-r2
3.7.16.2-r2
3.7.17-r2
3.8.0-r2
3.8.0.1-r2
3.8.0.2-r2
3.8.1-r2
3.8.2-r2
3.8.3-r2
3.8.3.1-r2
3.8.4-r2
3.8.4.1-r2
3.8.4.2-r2
3.8.4.3-r2
3.8.5-r2
3.8.6-r2
3.8.7-r2
3.8.7.1-r2
3.8.7.2-r2
3.8.7.3-r2
3.8.7.4-r2
3.8.8.1-r2
3.8.8.2-r2
3.8.8.3-r2
3.8.9-r2
3.8.10-r2
3.8.10.1-r2
3.8.10.2-r2
3.8.11-r2
3.8.11.1-r2
3.9.0-r2
3.9.1-r2
3.9.2-r2
3.10.2-r2
3.11.0-r2
3.11.1-r2
3.12.0-r2
3.12.1-r2
3.12.2-r2
3.13.0-r2
3.14.1-r2
3.14.2-r2
3.15.0-r2
3.15.1-r2
3.15.2-r2
3.16.0-r2
3.16.2-r2
3.17.0-r2
3.18.0-r2
3.19.3-r2
3.20.0-r2
3.20.1-r2
3.21.0-r2
3.22.0-r2
3.23.0-r2
3.23.1-r0
3.23.1-r2
3.24.0-r0

Debian:11 / chromium

Package

Name
chromium
Purl
pkg:deb/debian/chromium?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
71.0.3578.80-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / chromium

Package

Name
chromium
Purl
pkg:deb/debian/chromium?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
71.0.3578.80-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / chromium

Package

Name
chromium
Purl
pkg:deb/debian/chromium?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
71.0.3578.80-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / sqlite3

Package

Name
sqlite3
Purl
pkg:deb/debian/sqlite3?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.25.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / sqlite3

Package

Name
sqlite3
Purl
pkg:deb/debian/sqlite3?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.25.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / sqlite3

Package

Name
sqlite3
Purl
pkg:deb/debian/sqlite3?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.25.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}