CVE-2018-20505 - Vulncode-DB

ID:
CVE-2018-20505 (NVD)
- Vulnerability Info (edit)

2019-04-03

SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).

Products	Icloud, Iphone_os, Itunes, Mac_os_x, Watchos, Sqlite
Type	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89)
First patch	- None (likely due to unavailable code)
Links	• https://seclists.org/bugtraq/2019/Jan/31 • https://support.apple.com/kb/HT209443 • https://support.apple.com/kb/HT209447 • https://seclists.org/bugtraq/2019/Jan/33 • https://seclists.org/bugtraq/2019/Jan/32 More/Less (17) • http://seclists.org/fulldisclosure/2019/Jan/67 • http://www.securityfocus.com/bid/106698 • http://seclists.org/fulldisclosure/2019/Jan/68 • https://security.netapp.com/advisory/ntap-20190502-0004/ • https://support.apple.com/kb/HT209446 • https://support.apple.com/kb/HT209451 • http://seclists.org/fulldisclosure/2019/Jan/62 • https://seclists.org/bugtraq/2019/Jan/28 • https://support.apple.com/kb/HT209450 • https://support.apple.com/kb/HT209448 • https://sqlite.org/src/info/1a84668dcfdebaf12415d • http://seclists.org/fulldisclosure/2019/Jan/69 • https://seclists.org/bugtraq/2019/Jan/39 • https://usn.ubuntu.com/4019-1/ • https://seclists.org/bugtraq/2019/Jan/29 • http://seclists.org/fulldisclosure/2019/Jan/66 • http://seclists.org/fulldisclosure/2019/Jan/64
Annotation	Note: No patch was assigned yet.