CVE-2018-20505: SQL Injection
First published: Tue Jan 22 2019(Updated: )
Last updated 24 July 2024
Credit: Tencent Blade Team Tencent Blade Team Tencent Blade Team Tencent Blade Team Tencent Blade Team Tencent Blade Team Tencent Blade Team Tencent Blade Team Tencent Blade Team Tencent Blade Team Tencent Blade Team Tencent Blade Team Tencent Blade Team Tencent Blade Team Tencent Blade Team Tencent Blade Team Tencent Blade Team Tencent Blade Team cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iCloud for Windows | <7.10 | 7.10 |
| Apple iTunes for Windows | <12.9.3 | 12.9.3 |
| Apple watchOS | <5.1.3 | 5.1.3 |
| Apple tvOS | <12.1.2 | 12.1.2 |
| Apple iOS | <12.1.3 | 12.1.3 |
| debian/sqlite3 | 3.34.1-3 3.34.1-3+deb11u1 3.40.1-2+deb12u1 3.46.1-1 | |
| Apple macOS | <10.14.3 | 10.14.3 |
| Apple High Sierra | ||
| Apple Sierra | ||
| SQLite | <=3.25.2 | |
| Apple iPhone OS | <12.1.3 | |
| Apple Mac OS X | <10.14.2 | |
| Apple watchOS | <5.1.3 | |
| All of | ||
| Any of | ||
| Apple iCloud | <7.10 | |
| Apple iTunes | <12.9.3 | |
| Microsoft Windows | ||
| Apple iCloud | <7.10 | |
| Apple iTunes | <12.9.3 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT209451 (Advisory)
- https://support.apple.com/en-us/HT209450 (Advisory)
- https://security.netapp.com/advisory/ntap-20190502-0004/
- http://seclists.org/fulldisclosure/2019/Jan/62
- http://seclists.org/fulldisclosure/2019/Jan/64
- http://seclists.org/fulldisclosure/2019/Jan/66
- http://seclists.org/fulldisclosure/2019/Jan/67
- http://seclists.org/fulldisclosure/2019/Jan/68
- http://seclists.org/fulldisclosure/2019/Jan/69
- http://www.securityfocus.com/bid/106698
- https://seclists.org/bugtraq/2019/Jan/28
- https://seclists.org/bugtraq/2019/Jan/29
- https://seclists.org/bugtraq/2019/Jan/31
- https://seclists.org/bugtraq/2019/Jan/32
- https://seclists.org/bugtraq/2019/Jan/33
- https://seclists.org/bugtraq/2019/Jan/39
- https://sqlite.org/src/info/1a84668dcfdebaf12415d
- https://support.apple.com/kb/HT209443
- https://support.apple.com/kb/HT209446
- https://support.apple.com/kb/HT209447
- https://support.apple.com/kb/HT209448
- https://support.apple.com/kb/HT209450
- https://support.apple.com/kb/HT209451
- https://usn.ubuntu.com/4019-1/
- https://launchpad.net/bugs/cve/CVE-2018-20505
- https://support.apple.com/en-us/HT209448 (Advisory)
- https://support.apple.com/en-us/HT209446 (Advisory)
- https://support.apple.com/en-us/HT209447 (Advisory)
- https://support.apple.com/en-us/HT209443 (Advisory)
- https://security-tracker.debian.org/tracker/CVE-2018-20505
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20505
- https://nvd.nist.gov/vuln/detail/CVE-2018-20505
- https://ubuntu.com/security/CVE-2018-20505
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2018-20346
- CVE-2018-20505
- CVE-2018-20506
- CVE-2019-6215
- CVE-2019-6212
- CVE-2019-6216
- CVE-2019-6217
- CVE-2019-6226
- CVE-2019-6227
- CVE-2019-6233
- CVE-2019-6234
- CVE-2019-6229
- CVE-2019-8570
- CVE-2019-6235
- CVE-2019-6221
- CVE-2019-6202
- CVE-2019-6231
- CVE-2019-6230
- CVE-2019-6224
- CVE-2019-6214
- CVE-2019-6210
- CVE-2019-6213
- CVE-2019-6209
- CVE-2019-6219
- CVE-2019-6225
- CVE-2019-6205
- CVE-2019-6208
- CVE-2019-6218
- CVE-2019-6200
- CVE-2019-6206
- CVE-2019-6228
- CVE-2019-6211
- CVE-2018-4467
- CVE-2018-4452
- CVE-2019-6220
Frequently Asked Questions
What is the vulnerability ID for this SQLite vulnerability?
The vulnerability ID for this SQLite vulnerability is CVE-2018-20505.
What is the severity of CVE-2018-20505?
The severity of CVE-2018-20505 is high.
How does CVE-2018-20505 affect SQLite?
CVE-2018-20505 affects SQLite 3.25.2 when queries are run on a table with a malformed PRIMARY KEY, allowing remote attackers to cause a denial of service (application crash) by running arbitrary SQL statements.
Which software versions are affected by CVE-2018-20505?
The affected software versions by CVE-2018-20505 include SQLite 3.25.2, Apple iPhone OS up to 12.1.3, Apple macOS up to 10.14.2, Apple watchOS up to 5.1.3, Apple iCloud up to 7.10, and Apple iTunes up to 12.9.3.
How can I mitigate the CVE-2018-20505 vulnerability?
To mitigate the CVE-2018-20505 vulnerability, it is recommended to update SQLite to a version that includes the fix or apply the necessary patches provided by the software vendor.
- collector/apple-support
- alias/CVE-2018-20505
- alias/CVE-2018-20506
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/software-canonical-lookup-request
- agent/weakness
- agent/remedy
- agent/severity
- agent/author
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/description
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/trending
- agent/source
- agent/tags
- collector/nvd-cve
- source/NVD
- collector/nvd-index
- agent/softwarecombine
- vendor/apple
- canonical/apple icloud for windows
- canonical/apple itunes for windows
- canonical/apple watchos
- canonical/apple tvos
- canonical/apple ios
- package-manager/debian
- canonical/apple macos
- canonical/apple high sierra
- canonical/apple sierra
- vendor/sqlite
- canonical/sqlite
- version/sqlite/3.25.2
- canonical/apple iphone os
- canonical/apple mac os x
- canonical/apple icloud
- canonical/apple itunes
- vendor/microsoft
- canonical/microsoft windows