CVE-2018-20506 vulnerability in SQLite and Other Products
Published on April 3, 2019

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.

Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2018-20506

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2018-20506 are published in these products:

SQLite

Apple iOS

Apple macOS

Apple tvOS

Apple watchOS

OpenSuse Leap

Exploit Probability

EPSS

8.49%

Percentile

92.24%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2018-20506 vulnerability in SQLite and Other ProductsPublished on April 3, 2019

Products Associated with CVE-2018-20506

Exploit Probability

CVE-2018-20506 vulnerability in SQLite and Other Products
Published on April 3, 2019