CVE-2021-36690: SQL Injection
First published: Tue Aug 24 2021(Updated: )
** DISPUTED ** A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library.
Credit: cve@mitre.org CVE-2021-36690 CVE-2021-36690 CVE-2021-36690 CVE-2021-36690 cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM DRM | <=2.0.6 | |
| SQLite SQLite | =3.36.0 | |
| Oracle ZFS Storage Appliance Kit | =8.8 | |
| Apple iPhone OS | <16.0 | |
| Apple macOS | <13.0 | |
| Apple tvOS | <16.0 | |
| Apple watchOS | <9.0 | |
| Apple tvOS | <16 | 16 |
| Apple macOS Ventura | <13 | 13 |
| Apple iOS | <16 | 16 |
| Apple watchOS | <9 | 9 |
| =3.36.0 | ||
| =8.8 | ||
| <16.0 | ||
| <13.0 | ||
| <16.0 | ||
| <9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT213446 (Advisory)
- https://support.apple.com/en-us/HT213486 (Advisory)
- https://support.apple.com/en-us/HT213487 (Advisory)
- https://support.apple.com/en-us/HT213488 (Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/208138
- https://www.ibm.com/support/pages/node/6497499 (Advisory)
- http://seclists.org/fulldisclosure/2022/Oct/28
- http://seclists.org/fulldisclosure/2022/Oct/39
- http://seclists.org/fulldisclosure/2022/Oct/41
- http://seclists.org/fulldisclosure/2022/Oct/47
- http://seclists.org/fulldisclosure/2022/Oct/49
- https://support.apple.com/kb/HT213446
- https://support.apple.com/kb/HT213486
- https://support.apple.com/kb/HT213487
- https://support.apple.com/kb/HT213488
- https://www.sqlite.org/forum/forumpost/718c0a8d17
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2022-42795
- CVE-2022-32907
- CVE-2022-32903
- CVE-2022-1622
- CVE-2022-32913
- CVE-2022-32949
- CVE-2022-32864
- CVE-2022-32866
- CVE-2022-32911
- CVE-2022-32914
- CVE-2022-32908
- CVE-2022-32879
- CVE-2022-32881
- CVE-2021-36690
- CVE-2022-32886
- CVE-2022-32888
- CVE-2022-32912
- CVE-2022-32891
- CVE-2022-46709
- CVE-2022-32925
- CVE-2022-48577
- CVE-2022-32858
- CVE-2022-32898
- CVE-2022-32899
- CVE-2022-46721
- CVE-2022-47915
- CVE-2022-47965
- CVE-2022-32889
- CVE-2022-32827
- CVE-2022-32877
- CVE-2022-42789
- CVE-2022-42825
- CVE-2022-46722
- CVE-2022-32902
- CVE-2022-32904
- CVE-2022-32890
- CVE-2022-42796
- CVE-2022-42798
- CVE-2022-32940
- CVE-2022-42816
- CVE-2022-42821
- CVE-2022-42860
- CVE-2022-42819
- CVE-2022-42813
- CVE-2022-26730
- CVE-2022-32945
- CVE-2022-42838
- CVE-2022-22663
- CVE-2022-32867
- CVE-2022-32205
- CVE-2022-32206
- CVE-2022-32207
- CVE-2022-32208
- CVE-2022-42814
- CVE-2022-32865
- CVE-2022-32915
- CVE-2022-32928
- CVE-2022-22643
- CVE-2022-32935
- CVE-2022-42788
- CVE-2022-48504
- CVE-2022-32905
- CVE-2022-42833
- CVE-2022-32947
- CVE-2022-42809
- CVE-2022-3437
- CVE-2022-32849
- CVE-2022-32809
- CVE-2022-32936
- CVE-2022-42820
- CVE-2022-42806
- CVE-2022-32924
- CVE-2022-42808
- CVE-2022-32944
- CVE-2022-42803
- CVE-2022-32926
- CVE-2022-42801
- CVE-2022-46712
- CVE-2022-42815
- CVE-2022-42834
- CVE-2022-46707
- CVE-2022-32883
- CVE-2022-42810
- CVE-2021-39537
- CVE-2022-29458
- CVE-2022-42818
- CVE-2022-32895
- CVE-2022-46713
- CVE-2022-42807
- CVE-2022-32918
- CVE-2022-42829
- CVE-2022-42830
- CVE-2022-42831
- CVE-2022-42832
- CVE-2022-32941
- CVE-2022-28739
- CVE-2022-32862
- CVE-2022-32931
- CVE-2022-42811
- CVE-2022-42793
- CVE-2022-32876
- CVE-2022-32938
- CVE-2022-42790
- CVE-2022-32870
- CVE-2022-32934
- CVE-2022-42791
- CVE-2022-48505
- CVE-2022-26699
- CVE-2022-0261
- CVE-2022-0318
- CVE-2022-0319
- CVE-2022-0351
- CVE-2022-0359
- CVE-2022-0361
- CVE-2022-0368
- CVE-2022-0392
- CVE-2022-0554
- CVE-2022-0572
- CVE-2022-0629
- CVE-2022-0685
- CVE-2022-0696
- CVE-2022-0714
- CVE-2022-0729
- CVE-2022-0943
- CVE-2022-1381
- CVE-2022-1420
- CVE-2022-1725
- CVE-2022-1616
- CVE-2022-1619
- CVE-2022-1620
- CVE-2022-1621
- CVE-2022-1629
- CVE-2022-1674
- CVE-2022-1733
- CVE-2022-1735
- CVE-2022-1769
- CVE-2022-1927
- CVE-2022-1942
- CVE-2022-1968
- CVE-2022-1851
- CVE-2022-1897
- CVE-2022-1898
- CVE-2022-1720
- CVE-2022-2000
- CVE-2022-2042
- CVE-2022-2124
- CVE-2022-2125
- CVE-2022-2126
- CVE-2022-42828
- CVE-2022-32875
- CVE-2022-42826
- CVE-2022-42799
- CVE-2022-42823
- CVE-2022-42824
- CVE-2022-32923
- CVE-2022-32922
- CVE-2022-32892
- CVE-2022-32833
- CVE-2022-37434
- CVE-2022-42800
- CVE-2022-32909
- CVE-2022-32854
- CVE-2022-32793
- CVE-2022-26744
- CVE-2022-32887
- CVE-2022-32916
- CVE-2022-32917
- CVE-2022-32795
- CVE-2022-32868
- CVE-2022-32872
- CVE-2022-32871
- CVE-2022-32859
- CVE-2022-32835
- CVE-2022-32894
- CVE-2022-32893
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-36690.
What software is affected by this vulnerability?
The affected software includes Apple iOS (up to version 16), Apple tvOS (up to version 16), Apple watchOS (up to version 9), and macOS Ventura (up to version 13).
What is the severity of CVE-2021-36690?
The severity of CVE-2021-36690 has not been specified.
How was this vulnerability addressed?
This vulnerability was addressed with improved checks.
Is there any additional information about this vulnerability?
Additional information about this vulnerability can be found in the references provided by Apple: [link1], [link2], [link3].
- collector/ibm-support
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/apple-support
- agent/author
- agent/references
- agent/weakness
- agent/remedy
- agent/severity
- agent/status
- agent/event
- source/Apple
- agent/software-canonical-lookup
- agent/tags
- agent/last-modified-date
- agent/description
- collector/nvd-api
- source/NVD
- vendor/ibm
- canonical/ibm drm
- version/ibm drm/2.0.6
- status/disputed
- vendor/sqlite
- canonical/sqlite sqlite
- version/sqlite sqlite/3.36.0
- vendor/oracle
- canonical/oracle zfs storage appliance kit
- version/oracle zfs storage appliance kit/8.8
- vendor/apple
- canonical/apple iphone os
- canonical/apple macos
- canonical/apple tvos
- canonical/apple watchos
- canonical/apple macos ventura
- canonical/apple ios