VDB

CVE-2018-20506

CVE-2018-20506 PUBLISHED CVSS 8.100000381469727 HIGH

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allow-ing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.

EPSS 8.70% · 92.6th percentile

Risk Scores

CVSS 3.0
8.100000381469727
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
EPSS Score
8.70%
92.6th percentile

Affected Products

VendorProductVersions
ABBABB Ability Camera Connect <=2.0.0.42
ABBABB B&R Automation Studio <6.5
ABBB&R Industrial Automation GmbH Automation Studio <6.5

Timeline

  • Dec 21, 2018 CVE Published
  • Jan 28, 2019 PoC Published
  • Apr 14, 2021 EPSS Score
  • Jul 31, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Feb 4, 2022 EPSS Score
  • May 2, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Nov 6, 2022 EPSS Score
  • Jan 8, 2023 EPSS Score
  • Mar 11, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›