Veracode Vulnerability DatabaseVERACODE:28443Arbitrary Code Execution
0.9 High
EPSS
Percentile
98.8%
SQLite is vulnerable to arbitrary code execution. A remote attacker is able to execute arbitrary code via a buffer overflow when the FTS3 extension is enabled.
| CPE | Name | Operator | Version |
|---|---|---|---|
| chromium:stretch | eq | 70.0.3538.110-1~deb9u1 | |
| sqlite3:stretch | eq | 3.16.2-5+deb9u1 | |
| sqlite | le | 3.13.0 |
References
lists.opensuse.org/opensuse-security-announce/2019-04/msg00040.html
lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html
www.securityfocus.com/bid/106323
access.redhat.com/articles/3758321
blade.tencent.com/magellan/index_en.html
bugzilla.redhat.com/show_bug.cgi?id=1659379
bugzilla.redhat.com/show_bug.cgi?id=1659677
chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
chromium.googlesource.com/chromium/src/+/c368e30ae55600a1c3c9cb1710a54f9c55de786e
crbug.com/900910
github.com/zhuowei/worthdoingbadly.com/blob/master/_posts/2018-12-14-sqlitebug.html
kc.mcafee.com/corporate/index?page=content&id=SB10365
lists.debian.org/debian-lts-announce/2018/12/msg00012.html
lists.debian.org/debian-lts-announce/2020/08/msg00037.html
lists.fedoraproject.org/archives/list/[email protected]/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/
news.ycombinator.com/item?id=18685296
security-tracker.debian.org/tracker/CVE-2018-20346
security.gentoo.org/glsa/201904-21
sqlite.org/src/info/940f2adc8541a838
sqlite.org/src/info/d44318f59044162e
support.apple.com/HT209443
support.apple.com/HT209446
support.apple.com/HT209447
support.apple.com/HT209448
support.apple.com/HT209450
support.apple.com/HT209451
usn.ubuntu.com/4019-1/
usn.ubuntu.com/4019-2/
worthdoingbadly.com/sqlitebug/
www.freebsd.org/security/advisories/FreeBSD-EN-19:03.sqlite.asc
www.mail-archive.com/[email protected]/msg113218.html
www.oracle.com/security-alerts/cpuapr2020.html
www.sqlite.org/releaselog/3_25_3.html
www.synology.com/security/advisory/Synology_SA_18_61
Related
