CVE-2018-20346

Public Exploit

Description

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.

Category

CVSS: 8.1
Severity: High
EPSS: 17.83% (Top 10%)
Vendor Advisory: freebsd.org, opensuse.org, opensuse.org, gentoo.org, ubuntu.com, ubuntu.com, fedoraproject.org, sqlite.org
Affected: n/a n/a
Published at:
Updated at:

References

Link | Tags
https://worthdoingbadly.com/sqlitebug/ | third party advisory, exploit
https://support.apple.com/HT209446
https://bugzilla.redhat.com/show_bug.cgi?id=1659379 | third party advisory, issue tracking
https://bugzilla.redhat.com/show_bug.cgi?id=1659677 | third party advisory, issue tracking
https://lists.debian.org/debian-lts-announce/2018/12/msg00012.html | third party advisory, mailing list
https://www.synology.com/security/advisory/Synology_SA_18_61 | third party advisory
https://access.redhat.com/articles/3758321 | third party advisory
https://support.apple.com/HT209443
https://blade.tencent.com/magellan/index_en.html | third party advisory
https://support.apple.com/HT209451
https://github.com/zhuowei/worthdoingbadly.com/blob/master/_posts/2018-12-14-sqlitebug.html | third party advisory, exploit
https://news.ycombinator.com/item?id=18685296 | third party advisory
https://support.apple.com/HT209450
https://sqlite.org/src/info/940f2adc8541a838 | third party advisory, patch
https://support.apple.com/HT209448
https://chromium.googlesource.com/chromium/src/+/c368e30ae55600a1c3c9cb1710a54f9c55de786e | third party advisory
https://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg113218.html
http://www.securityfocus.com/bid/106323 | third party advisory, vdb entry
https://crbug.com/900910 | third party advisory, permissions required
https://sqlite.org/src/info/d44318f59044162e | third party advisory, patch
https://www.freebsd.org/security/advisories/FreeBSD-EN-19:03.sqlite.asc | third party advisory, vendor advisory
https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html | third party advisory
https://www.sqlite.org/releaselog/3_25_3.html | release notes, vendor advisory
https://support.apple.com/HT209447
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00040.html | third party advisory, vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html | vendor advisory, mailing list, third party advisory
https://security.gentoo.org/glsa/201904-21 | third party advisory, vendor advisory
https://usn.ubuntu.com/4019-1/ | vendor advisory
https://usn.ubuntu.com/4019-2/ | vendor advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/ | vendor advisory
https://www.oracle.com/security-alerts/cpuapr2020.html
https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html | mailing list
https://kc.mcafee.com/corporate/index?page=content&id=SB10365

Frequently Asked Questions

What is the severity of CVE-2018-20346?
CVE-2018-20346 has been scored as a high severity vulnerability.
How to fix CVE-2018-20346?
To fix CVE-2018-20346, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. For now, no other specific guidelines are available.
Is CVE-2018-20346 being actively exploited in the wild?
Based on public information, it is possible that CVE-2018-20346 is being exploited or will be exploited in the near future. According to its EPSS score, there is a ~18% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.