CVE-2018-20505: SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by…

high7.5CVSS 3.0

AVNACLPRNUINSUCNINAH

SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).

Affected

25 ranges

Vendor	Product	Version range	Fixed in
apple	icloud	< 7.10	7.10
apple	icloud_for_windows	—	—
apple	ios	—	—
apple	iphone_os	< 12.1.3	12.1.3
apple	itunes	< 12.9.3	12.9.3
apple	itunes_12.9.3_for_windows	—	—
apple	mac_os_x	< 10.14.2	10.14.2
apple	macos_mojave_10.14.3_security_update_2019-001_high_sierra_security_update_2019-0	—	—
apple	tvos	—	—
apple	watchos	< 5.1.3	5.1.3
apple	watchos	—	—
debian	sqlite3	< sqlite3 3.25.3-1 (bookworm)	sqlite3 3.25.3-1 (bookworm)
ghost	sqlite3	>= 0 < 3.25.3-1	3.25.3-1
ghost	sqlite3	>= 0 < 3.25.3-1	3.25.3-1
ghost	sqlite3	>= 0 < 3.25.3-1	3.25.3-1
ghost	sqlite3	>= 0 < 3.25.3-1	3.25.3-1
ghost	sqlite3	>= 0 < 3.11.0-1ubuntu1.2	3.11.0-1ubuntu1.2
ghost	sqlite3	>= 0 < 3.22.0-1ubuntu0.1	3.22.0-1ubuntu0.1
msrc	azl3_ceph_16.2.10-3_on_azure_linux_3.0	—	—
msrc	azl3_ceph_18.2.1-1_on_azure_linux_3.0	—	—
msrc	azl3_heimdal_7.8.0-3_on_azure_linux_3.0	—	—
msrc	azure_linux_3.0_arm	—	—
msrc	azure_linux_3.0_x64	—	—
msrc	cbl2_ceph_16.2.10-7_on_cbl_mariner_2.0	—	—
sqlite	sqlite	<= 3.25.2	—

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

osv7.5HIGH