VDB

CVE-2018-20346

CVE-2018-20346 PUBLISHED CVSS 8.100000381469727 HIGH

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.

EPSS 13.52% · 94.4th percentile

Risk Scores

CVSS 3.0
8.100000381469727
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
EPSS Score
13.52%
94.4th percentile

Affected Products

VendorProductVersions
ABBB&R Industrial Automation GmbH Automation Studio <6.5
ABBABB Ability Camera Connect <=2.0.0.42
ABBABB B&R Automation Studio <6.5

Timeline

  • CVE Published
  • Jan 28, 2019 PoC Published
  • Apr 14, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Feb 4, 2022 EPSS Score
  • May 2, 2022 EPSS Score
  • Sep 5, 2022 EPSS Score
  • Jan 8, 2023 EPSS Score
  • Mar 11, 2023 EPSS Score
  • May 13, 2023 EPSS Score
  • Sep 15, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›