CVE-2018-20506 — Vulnetix

Try Vulnetix Request Demo

CVE-2018-20506 PUBLISHED CVSS 8.100000381469727 HIGH

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allow-ing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.

EPSS 8.49% · 92.3th percentile

Risk Scores

CVSS v3.0

8.100000381469727

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

EPSS Score

8.49%

92.3th percentile

Affected Products

Vendor	Product	Versions
ABB	ABB Ability Camera Connect <=2.0.0.42
ABB	ABB B&R Automation Studio <6.5
ABB	B&R Industrial Automation GmbH Automation Studio <6.5

Timeline

Dec 21, 2018 CVE Published
Jan 28, 2019 PoC Published
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Aug 23, 2021 EPSS Score
Oct 24, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Feb 25, 2022 EPSS Score
Jun 29, 2022 EPSS Score
Aug 31, 2022 EPSS Score
Jan 2, 2023 EPSS Score
Mar 5, 2023 EPSS Score

References

Open in Interactive Console →