CVE-2018-20346

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-20346
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-20346.json
Related
Published
2018-12-21T21:29:00Z
Modified
2023-11-29T06:18:30.985251Z
Details

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.

References

Affected packages

Alpine:v3.6 / sqlite

Package

Name
sqlite

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
3.25.3-r0

Affected versions

3.*

3.6.10-r0
3.6.15-r0
3.6.22-r0
3.6.22-r1
3.6.22-r2
3.7.0-r2
3.7.0.1-r2
3.7.1-r2
3.7.2-r2
3.7.3-r2
3.7.4-r2
3.7.5-r2
3.7.6-r2
3.7.6.1-r2
3.7.6.2-r2
3.7.6.3-r2
3.7.7-r2
3.7.7.1-r2
3.7.8-r2
3.7.9-r2
3.7.10-r2
3.7.11-r2
3.7.12-r2
3.7.12.1-r2
3.7.13-r2
3.7.14-r2
3.7.14.1-r2
3.7.15-r2
3.7.15.1-r2
3.7.15.2-r2
3.7.16.1-r2
3.7.16.2-r2
3.7.17-r2
3.8.0-r2
3.8.0.1-r2
3.8.0.2-r2
3.8.1-r2
3.8.2-r2
3.8.3-r2
3.8.3.1-r2
3.8.4-r2
3.8.4.1-r2
3.8.4.2-r2
3.8.4.3-r2
3.8.5-r2
3.8.6-r2
3.8.7-r2
3.8.7.1-r2
3.8.7.2-r2
3.8.7.3-r2
3.8.7.4-r2
3.8.8.1-r2
3.8.8.2-r2
3.8.8.3-r2
3.8.9-r2
3.8.10-r2
3.8.10.1-r2
3.8.10.2-r2
3.8.11-r2
3.8.11.1-r2
3.9.0-r2
3.9.1-r2
3.9.2-r2
3.10.2-r2
3.11.0-r2
3.11.1-r2
3.12.0-r2
3.12.1-r2
3.12.2-r2
3.13.0-r2
3.14.1-r2
3.14.2-r2
3.15.0-r2
3.15.1-r2
3.15.2-r2
3.16.0-r2
3.16.2-r2
3.17.0-r2
3.18.0-r2
3.20.1-r2

Alpine:v3.7 / sqlite

Package

Name
sqlite

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
3.25.3-r0

Affected versions

3.*

3.6.10-r0
3.6.15-r0
3.6.22-r0
3.6.22-r1
3.6.22-r2
3.7.0-r2
3.7.0.1-r2
3.7.1-r2
3.7.2-r2
3.7.3-r2
3.7.4-r2
3.7.5-r2
3.7.6-r2
3.7.6.1-r2
3.7.6.2-r2
3.7.6.3-r2
3.7.7-r2
3.7.7.1-r2
3.7.8-r2
3.7.9-r2
3.7.10-r2
3.7.11-r2
3.7.12-r2
3.7.12.1-r2
3.7.13-r2
3.7.14-r2
3.7.14.1-r2
3.7.15-r2
3.7.15.1-r2
3.7.15.2-r2
3.7.16.1-r2
3.7.16.2-r2
3.7.17-r2
3.8.0-r2
3.8.0.1-r2
3.8.0.2-r2
3.8.1-r2
3.8.2-r2
3.8.3-r2
3.8.3.1-r2
3.8.4-r2
3.8.4.1-r2
3.8.4.2-r2
3.8.4.3-r2
3.8.5-r2
3.8.6-r2
3.8.7-r2
3.8.7.1-r2
3.8.7.2-r2
3.8.7.3-r2
3.8.7.4-r2
3.8.8.1-r2
3.8.8.2-r2
3.8.8.3-r2
3.8.9-r2
3.8.10-r2
3.8.10.1-r2
3.8.10.2-r2
3.8.11-r2
3.8.11.1-r2
3.9.0-r2
3.9.1-r2
3.9.2-r2
3.10.2-r2
3.11.0-r2
3.11.1-r2
3.12.0-r2
3.12.1-r2
3.12.2-r2
3.13.0-r2
3.14.1-r2
3.14.2-r2
3.15.0-r2
3.15.1-r2
3.15.2-r2
3.16.0-r2
3.16.2-r2
3.17.0-r2
3.18.0-r2
3.19.3-r2
3.20.0-r2
3.20.1-r2
3.21.0-r2

Alpine:v3.8 / sqlite

Package

Name
sqlite

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
3.25.3-r0

Affected versions

3.*

3.6.10-r0
3.6.15-r0
3.6.22-r0
3.6.22-r1
3.6.22-r2
3.7.0-r2
3.7.0.1-r2
3.7.1-r2
3.7.2-r2
3.7.3-r2
3.7.4-r2
3.7.5-r2
3.7.6-r2
3.7.6.1-r2
3.7.6.2-r2
3.7.6.3-r2
3.7.7-r2
3.7.7.1-r2
3.7.8-r2
3.7.9-r2
3.7.10-r2
3.7.11-r2
3.7.12-r2
3.7.12.1-r2
3.7.13-r2
3.7.14-r2
3.7.14.1-r2
3.7.15-r2
3.7.15.1-r2
3.7.15.2-r2
3.7.16.1-r2
3.7.16.2-r2
3.7.17-r2
3.8.0-r2
3.8.0.1-r2
3.8.0.2-r2
3.8.1-r2
3.8.2-r2
3.8.3-r2
3.8.3.1-r2
3.8.4-r2
3.8.4.1-r2
3.8.4.2-r2
3.8.4.3-r2
3.8.5-r2
3.8.6-r2
3.8.7-r2
3.8.7.1-r2
3.8.7.2-r2
3.8.7.3-r2
3.8.7.4-r2
3.8.8.1-r2
3.8.8.2-r2
3.8.8.3-r2
3.8.9-r2
3.8.10-r2
3.8.10.1-r2
3.8.10.2-r2
3.8.11-r2
3.8.11.1-r2
3.9.0-r2
3.9.1-r2
3.9.2-r2
3.10.2-r2
3.11.0-r2
3.11.1-r2
3.12.0-r2
3.12.1-r2
3.12.2-r2
3.13.0-r2
3.14.1-r2
3.14.2-r2
3.15.0-r2
3.15.1-r2
3.15.2-r2
3.16.0-r2
3.16.2-r2
3.17.0-r2
3.18.0-r2
3.19.3-r2
3.20.0-r2
3.20.1-r2
3.21.0-r2
3.22.0-r2
3.23.0-r2
3.23.1-r2
3.24.0-r2