PRIOn knowledge basePRION:CVE-2018-20346Integer overflow
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.
References
lists.opensuse.org/opensuse-security-announce/2019-04/msg00040.html
lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html
www.securityfocus.com/bid/106323
access.redhat.com/articles/3758321
blade.tencent.com/magellan/index_en.html
bugzilla.redhat.com/show_bug.cgi?id=1659379
bugzilla.redhat.com/show_bug.cgi?id=1659677
chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
chromium.googlesource.com/chromium/src/+/c368e30ae55600a1c3c9cb1710a54f9c55de786e
crbug.com/900910
github.com/zhuowei/worthdoingbadly.com/blob/master/_posts/2018-12-14-sqlitebug.html
kc.mcafee.com/corporate/index?page=content&id=SB10365
lists.debian.org/debian-lts-announce/2018/12/msg00012.html
lists.debian.org/debian-lts-announce/2020/08/msg00037.html
lists.fedoraproject.org/archives/list/[email protected]/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/
news.ycombinator.com/item?id=18685296
security.gentoo.org/glsa/201904-21
sqlite.org/src/info/940f2adc8541a838
sqlite.org/src/info/d44318f59044162e
support.apple.com/HT209443
support.apple.com/HT209446
support.apple.com/HT209447
support.apple.com/HT209448
support.apple.com/HT209450
support.apple.com/HT209451
usn.ubuntu.com/4019-1/
usn.ubuntu.com/4019-2/
worthdoingbadly.com/sqlitebug/
www.freebsd.org/security/advisories/FreeBSD-EN-19:03.sqlite.asc
www.mail-archive.com/[email protected]/msg113218.html
www.oracle.com/security-alerts/cpuapr2020.html
www.sqlite.org/releaselog/3_25_3.html
www.synology.com/security/advisory/Synology_SA_18_61
Related
