CVE-2018-20505: SQL Injection
First published: Tue Jan 22 2019(Updated: )
Last updated 24 July 2024
Credit: Tencent Blade Team cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/sqlite3 | 3.34.1-3 3.34.1-3+deb11u1 3.40.1-2+deb12u1 3.46.1-1 | |
| tvOS | <12.1.2 | 12.1.2 |
| macOS Mojave | <10.14.3 | 10.14.3 |
| macOS High Sierra | ||
| macOS High Sierra | ||
| Apple iOS, iPadOS, and watchOS | <12.1.3 | 12.1.3 |
| Apple iOS, iPadOS, and watchOS | <5.1.3 | 5.1.3 |
| Apple iCloud | <7.10 | 7.10 |
| Apple iTunes | <12.9.3 | 12.9.3 |
| SQLite | <=3.25.2 | |
| iStyle @cosme iPhone OS | <12.1.3 | |
| Apple iOS and macOS | <10.14.2 | |
| Apple iOS, iPadOS, and watchOS | <5.1.3 | |
| All of | ||
| Any of | ||
| Apple iCloud for Windows | <7.10 | |
| Apple iTunes for Windows | <12.9.3 | |
| Microsoft Windows | ||
| Apple iCloud for Windows | <7.10 | |
| Apple iTunes for Windows | <12.9.3 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT209451 (Advisory)
- https://support.apple.com/en-us/HT209450 (Advisory)
- https://security.netapp.com/advisory/ntap-20190502-0004/
- http://seclists.org/fulldisclosure/2019/Jan/62
- http://seclists.org/fulldisclosure/2019/Jan/64
- http://seclists.org/fulldisclosure/2019/Jan/66
- http://seclists.org/fulldisclosure/2019/Jan/67
- http://seclists.org/fulldisclosure/2019/Jan/68
- http://seclists.org/fulldisclosure/2019/Jan/69
- http://www.securityfocus.com/bid/106698
- https://seclists.org/bugtraq/2019/Jan/28
- https://seclists.org/bugtraq/2019/Jan/29
- https://seclists.org/bugtraq/2019/Jan/31
- https://seclists.org/bugtraq/2019/Jan/32
- https://seclists.org/bugtraq/2019/Jan/33
- https://seclists.org/bugtraq/2019/Jan/39
- https://sqlite.org/src/info/1a84668dcfdebaf12415d
- https://support.apple.com/kb/HT209443
- https://support.apple.com/kb/HT209446
- https://support.apple.com/kb/HT209447
- https://support.apple.com/kb/HT209448
- https://support.apple.com/kb/HT209450
- https://support.apple.com/kb/HT209451
- https://usn.ubuntu.com/4019-1/
- https://launchpad.net/bugs/cve/CVE-2018-20505
- https://support.apple.com/en-us/HT209448 (Advisory)
- https://support.apple.com/en-us/HT209446 (Advisory)
- https://support.apple.com/en-us/HT209447 (Advisory)
- https://support.apple.com/en-us/HT209443 (Advisory)
- https://security-tracker.debian.org/tracker/CVE-2018-20505
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20505
- https://nvd.nist.gov/vuln/detail/CVE-2018-20505
- https://ubuntu.com/security/CVE-2018-20505
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2019-6235
- CVE-2019-6231
- CVE-2019-6230
- CVE-2019-6224
- CVE-2019-6214
- CVE-2019-6225
- CVE-2019-6210
- CVE-2019-6205
- CVE-2019-6213
- CVE-2019-6209
- CVE-2019-6208
- CVE-2019-6218
- CVE-2018-20346
- CVE-2018-20505
- CVE-2018-20506
- CVE-2019-6227
- CVE-2019-6233
- CVE-2019-6234
- CVE-2019-6229
- CVE-2019-6215
- CVE-2019-6212
- CVE-2019-6216
- CVE-2019-6217
- CVE-2019-6226
- CVE-2019-8570
- CVE-2019-6200
- CVE-2019-6202
- CVE-2019-6221
- CVE-2018-4467
- CVE-2018-4452
- CVE-2019-6219
- CVE-2019-6220
- CVE-2019-6211
- CVE-2019-6206
- CVE-2019-6228
Frequently Asked Questions
What is the vulnerability ID for this SQLite vulnerability?
The vulnerability ID for this SQLite vulnerability is CVE-2018-20505.
What is the severity of CVE-2018-20505?
The severity of CVE-2018-20505 is high.
How does CVE-2018-20505 affect SQLite?
CVE-2018-20505 affects SQLite 3.25.2 when queries are run on a table with a malformed PRIMARY KEY, allowing remote attackers to cause a denial of service (application crash) by running arbitrary SQL statements.
Which software versions are affected by CVE-2018-20505?
The affected software versions by CVE-2018-20505 include SQLite 3.25.2, Apple iPhone OS up to 12.1.3, Apple macOS up to 10.14.2, Apple watchOS up to 5.1.3, Apple iCloud up to 7.10, and Apple iTunes up to 12.9.3.
How can I mitigate the CVE-2018-20505 vulnerability?
To mitigate the CVE-2018-20505 vulnerability, it is recommended to update SQLite to a version that includes the fix or apply the necessary patches provided by the software vendor.
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/weakness
- agent/remedy
- agent/severity
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/description
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/trending
- agent/source
- collector/apple-support
- alias/CVE-2018-20505
- alias/CVE-2018-20506
- agent/software-canonical-lookup-request
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-cve
- source/NVD
- collector/nvd-index
- package-manager/debian
- vendor/apple
- canonical/tvos
- canonical/macos mojave
- canonical/macos high sierra
- canonical/apple ios, ipados, and watchos
- canonical/apple icloud
- canonical/apple itunes
- vendor/sqlite
- canonical/sqlite
- version/sqlite/3.25.2
- canonical/istyle @cosme iphone os
- canonical/apple ios and macos
- canonical/apple icloud for windows
- canonical/apple itunes for windows
- vendor/microsoft
- canonical/microsoft windows