CVE-2018-20505 - Vulncode-DB

CVE-2018-20505 (NVD)

2019-04-03

SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).

Products	Icloud, Iphone_os, Itunes, Mac_os_x, Watchos, Sqlite
Type	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89)
First patch	- None (likely due to unavailable code)
Links	• http://seclists.org/fulldisclosure/2019/Jan/69 • http://www.securityfocus.com/bid/106698 • http://seclists.org/fulldisclosure/2019/Jan/68 • https://support.apple.com/kb/HT209447 • http://seclists.org/fulldisclosure/2019/Jan/62 More/Less (17) • http://seclists.org/fulldisclosure/2019/Jan/66 • https://seclists.org/bugtraq/2019/Jan/29 • https://sqlite.org/src/info/1a84668dcfdebaf12415d • https://seclists.org/bugtraq/2019/Jan/28 • https://support.apple.com/kb/HT209450 • https://support.apple.com/kb/HT209448 • https://seclists.org/bugtraq/2019/Jan/31 • https://support.apple.com/kb/HT209446 • https://usn.ubuntu.com/4019-1/ • https://seclists.org/bugtraq/2019/Jan/33 • http://seclists.org/fulldisclosure/2019/Jan/64 • http://seclists.org/fulldisclosure/2019/Jan/67 • https://support.apple.com/kb/HT209451 • https://seclists.org/bugtraq/2019/Jan/39 • https://security.netapp.com/advisory/ntap-20190502-0004/ • https://support.apple.com/kb/HT209443 • https://seclists.org/bugtraq/2019/Jan/32