Description

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.

Remediation

References

CVE-2018-20346

Related Vulnerabilities

WordPress Plugin Polldaddy Polls & Ratings Cross-Site Scripting (2.0.31)

Ampache Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-41665)

WordPress Plugin Paid Memberships Pro-Restrict Member Access to Content, Courses, Communities-Free or Paid Subscriptions Directory Traversal (1.7.14.2)

Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2007-3385)

Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-5539)

Severity

High

Classification

CVE-2018-20346 CWE-190 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities