%20--%3e%3csvg%20version='1.1'%20id='Layer_1'%20x='0px'%20y='0px'%20viewBox='0%200%20107.30001%20140.79999'%20xml:space='preserve'%20sodipodi:docname='mind_logo_positief.svg'%20width='107.30001'%20height='140.79999'%20xmlns:inkscape='http://www.inkscape.org/namespaces/inkscape'%20xmlns:sodipodi='http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd'%20xmlns='http://www.w3.org/2000/svg'%20xmlns:svg='http://www.w3.org/2000/svg'%3e%3cdefs%20id='defs29'%20/%3e%3csodipodi:namedview%20id='namedview29'%20pagecolor='%23505050'%20bordercolor='%23eeeeee'%20borderopacity='1'%20inkscape:showpageshadow='0'%20inkscape:pageopacity='0'%20inkscape:pagecheckerboard='0'%20inkscape:deskcolor='%23d1d1d1'%3e%3cinkscape:page%20x='0'%20y='0'%20width='107.30001'%20height='140.79999'%20id='page2'%20margin='0'%20bleed='0'%20/%3e%3c/sodipodi:namedview%3e%3cstyle%20type='text/css'%20id='style1'%3e%20.st0{fill:%231F1FA3;}%20.st1{fill:url(%23SVGID_1_);}%20.st2{fill:url(%23SVGID_00000033333245342322421190000001486717665348835473_);}%20.st3{fill:url(%23SVGID_00000075852413222229328580000001131059578544388517_);}%20%3c/style%3e%3cg%20id='g9'%20transform='translate(-21.299999,-20.6)'%3e%3clinearGradient%20id='SVGID_1_'%20gradientUnits='userSpaceOnUse'%20x1='4.8695998'%20y1='142.78'%20x2='99.248901'%20y2='35.348301'%3e%3cstop%20offset='0'%20style='stop-color:%2347EFF0'%20id='stop4'%20/%3e%3cstop%20offset='1'%20style='stop-color:%23297BFF'%20id='stop5'%20/%3e%3c/linearGradient%3e%3crect%20x='21.299999'%20y='64'%20class='st1'%20width='19.9'%20height='97.400002'%20id='rect5'%20style='fill:url(%23SVGID_1_)'%20/%3e%3clinearGradient%20id='SVGID_00000007421653842672228110000012418760815982452352_'%20gradientUnits='userSpaceOnUse'%20x1='23.7796'%20y1='159.3925'%20x2='118.1588'%20y2='51.9608'%3e%3cstop%20offset='0'%20style='stop-color:%2347EFF0'%20id='stop6'%20/%3e%3cstop%20offset='1'%20style='stop-color:%23297BFF'%20id='stop7'%20/%3e%3c/linearGradient%3e%3cpath%20style='fill:url(%23SVGID_00000007421653842672228110000012418760815982452352_)'%20d='M%2072.3,64%20H%2064%20v%2075.2%20H%2085.1%20V%2076.8%20C%2085.1,69.7%2079.4,64%2072.3,64%20Z'%20id='path7'%20/%3e%3clinearGradient%20id='SVGID_00000072986549029232277750000008760038133176911550_'%20gradientUnits='userSpaceOnUse'%20x1='20.501699'%20y1='156.51289'%20x2='114.881'%20y2='49.0812'%3e%3cstop%20offset='0'%20style='stop-color:%2347EFF0'%20id='stop8'%20/%3e%3cstop%20offset='1'%20style='stop-color:%23297BFF'%20id='stop9'%20/%3e%3c/linearGradient%3e%3cpath%20style='fill:url(%23SVGID_00000072986549029232277750000008760038133176911550_)'%20d='M%2073.6,20.6%20H%2064%20v%2019.9%20h%209.6%20c%2019.3,0%2035.1,15.7%2035.1,35.1%20v%2044.3%20h%2019.9%20V%2075.6%20c%200,-30.3%20-24.7,-55%20-55,-55%20z'%20id='path9'%20/%3e%3c/g%3e%3c/svg%3e)
Affected Component
Analysis
sqlite
Exploitable
Name
CVE-2018-20346
Description
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.
CWEs
Published Date
Updated Date
Workaround
-
Advisories
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00040.htmlThird Party Advisory
https://access.redhat.com/articles/3758321Third Party Advisory
https://blade.tencent.com/magellan/index_en.htmlThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1659379Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=1659677Issue Tracking
https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.htmlThird Party Advisory
https://chromium.googlesource.com/chromium/src/+/c368e30ae55600a1c3c9cb1710a54f9c55de786eThird Party Advisory
https://crbug.com/900910Permissions Required
https://news.ycombinator.com/item?id=18685296Third Party Advisory
https://security.gentoo.org/glsa/201904-21Third Party Advisory
https://www.freebsd.org/security/advisories/FreeBSD-EN-19:03.sqlite.ascThird Party Advisory
https://www.sqlite.org/releaselog/3_25_3.htmlRelease Notes
https://www.synology.com/security/advisory/Synology_SA_18_61Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00040.htmlThird Party Advisory
https://access.redhat.com/articles/3758321Third Party Advisory
https://blade.tencent.com/magellan/index_en.htmlThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1659379Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=1659677Issue Tracking
https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.htmlThird Party Advisory
https://chromium.googlesource.com/chromium/src/+/c368e30ae55600a1c3c9cb1710a54f9c55de786eThird Party Advisory
https://crbug.com/900910Permissions Required
https://news.ycombinator.com/item?id=18685296Third Party Advisory
https://security.gentoo.org/glsa/201904-21Third Party Advisory
https://www.freebsd.org/security/advisories/FreeBSD-EN-19:03.sqlite.ascThird Party Advisory
https://www.sqlite.org/releaselog/3_25_3.htmlRelease Notes
https://www.synology.com/security/advisory/Synology_SA_18_61Third Party Advisory
Analysis#
Vulnerability Ratings#
8.1
other
6.8
CVSSv2