VDB
GSD-2018-20346
GSD-2018-20346
PUBLISHED
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
Timeline
- Apr 3, 2009 CVE Published
- Jan 28, 2019 PoC Published
- Mar 31, 2026 Security Advisory
- Mar 31, 2026 Security Advisory
- Mar 31, 2026 Security Advisory
References
- https://worthdoingbadly.com/sqlitebug/ url
- https://support.apple.com/HT209446 url
- https://bugzilla.redhat.com/show_bug.cgi?id=1659379 url
- https://bugzilla.redhat.com/show_bug.cgi?id=1659677 url
- [debian-lts-announce] 20181222 [SECURITY] [DLA 1613-1] sqlite3 security update mailing-list
- https://www.synology.com/security/advisory/Synology_SA_18_61 url
- https://access.redhat.com/articles/3758321 url
- https://support.apple.com/HT209443 url
- https://blade.tencent.com/magellan/index_en.html url
- https://support.apple.com/HT209451 url
- https://github.com/zhuowei/worthdoingbadly.com/blob/master/_posts/2018-12-14-sqlitebug.html url
- https://news.ycombinator.com/item?id=18685296 url
- https://support.apple.com/HT209450 url
- https://sqlite.org/src/info/940f2adc8541a838 url
- https://support.apple.com/HT209448 url
- https://chromium.googlesource.com/chromium/src/+/c368e30ae55600a1c3c9cb1710a54f9c55de786e url
- https://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg113218.html url
- 106323 vdb
- https://crbug.com/900910 url
- https://sqlite.org/src/info/d44318f59044162e url
…and 13 more