First published: Tue Jan 22 2019
SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).
Credit: Tencent Blade Team, cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Apple iCloud for Windows | <7.10 | 7.10 |
Apple iTunes for Windows | <12.9.3 | 12.9.3 |
Apple watchOS | <5.1.3 | 5.1.3 |
Apple macOS Mojave | <10.14.3 | 10.14.3 |
Apple High Sierra | ||
Apple Sierra | ||
Apple tvOS | <12.1.2 | 12.1.2 |
Apple iOS | <12.1.3 | 12.1.3 |
SQLite SQLite | <=3.25.2 | |
Apple iPhone OS | <12.1.3 | |
Apple Mac OS X | <10.14.2 | |
Apple watchOS | <5.1.3 | |
Apple iCloud | <7.10 | |
Apple iTunes | <12.9.3 | |
Microsoft Windows | ||
ubuntu/sqlite3 | <3.22.0-1ubuntu0.1 | 3.22.0-1ubuntu0.1 |
ubuntu/sqlite3 | <3.24.0-1ubuntu0.1 | 3.24.0-1ubuntu0.1 |
ubuntu/sqlite3 | <3.25.3-1 | 3.25.3-1 |
debian/sqlite | 2.8.17-15, 2.8.17-15+deb10u1 | |
debian/sqlite3 | 3.27.2-3+deb10u1, 3.27.2-3+deb10u2, 3.34.1-3, 3.40.1-2, 3.45.1-1, 3.45.3-1 | |
The vulnerability ID for this SQLite vulnerability is CVE-2018-20505.
The severity of CVE-2018-20505 is high.
CVE-2018-20505 affects SQLite 3.25.2 when queries are run on a table with a malformed PRIMARY KEY, allowing remote attackers to cause a denial of service (application crash) by running arbitrary SQL statements.
Software versions affected by CVE-2018-20505 include SQLite 3.25.2, Apple iPhone OS up to 12.1.3, Apple macOS up to 10.14.2, Apple watchOS up to 5.1.3, Apple iCloud up to 7.10, and Apple iTunes up to 12.9.3.
To mitigate the CVE-2018-20505 vulnerability, it is recommended to update SQLite to a version that includes the fix or apply the necessary patches provided by the software vendor.