
List:       oss-security
Subject:    [oss-security] sqlite: CVE-2018-20346: integer overflow (resulting in buffer overflow) for FTS3 quer
From:       Salvatore Bonaccorso <carnil () debian ! org>
Date:       2018-12-21 21:47:06
Message-ID: 20181221214706.GA21869 () eldamar ! local

Hi

MITRE has assigned CVE-2018-20346 for the vulnerabilities called "Magellan".
The description in the CVE database reads as:

> SQLite before 3.25.3, when the FTS3 extension is enabled, encounters
> an integer overflow (and resultant buffer overflow) for FTS3 queries
> that occur after crafted changes to FTS3 shadow tables, allowing
> remote attackers to execute arbitrary code by leveraging the ability
> to run arbitrary SQL statements (such as in certain WebSQL use cases),
> aka Magellan.

Below are some references for the issue:

https://bugzilla.redhat.com/show_bug.cgi?id=1659379
https://bugzilla.redhat.com/show_bug.cgi?id=1659677
https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg113218.html
https://blade.tencent.com/magellan/index_en.html
https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
https://crbug.com/900910
https://chromium.googlesource.com/chromium/src/+/c368e30ae55600a1c3c9cb1710a54f9c55de786e
https://www.sqlite.org/releaselog/3_25_3.html
https://access.redhat.com/articles/3758321

Salvatore
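
A defender-side exposure check for the condition in the CVE description above (SQLite before 3.25.3 with the FTS3 extension enabled), written in Python as an added example that is not part of the original message. The function names and verdict labels are assumptions chosen for illustration.

```python
import re
import sqlite3

# First fixed release, taken from the CVE description ("SQLite before 3.25.3").
FIXED = (3, 25, 3)

def parse_version(text):
    """Turn '3.8.10.2' into (3, 8, 10, 2); reject anything but dotted digits."""
    if not re.fullmatch(r"\d+(\.\d+){1,3}", text):
        raise ValueError(f"unexpected SQLite version string: {text!r}")
    return tuple(int(part) for part in text.split("."))

def fts3_available():
    """Functional probe: can the linked library create an FTS3 virtual table?

    Done in a throwaway in-memory database, so no real data is touched.
    """
    conn = sqlite3.connect(":memory:")
    try:
        conn.execute("CREATE VIRTUAL TABLE probe USING fts3(body)")
        return True
    except sqlite3.OperationalError:  # typically "no such module: fts3"
        return False
    finally:
        conn.close()

def classify(version_text, has_fts3):
    """Hypothetical verdict labels: 'fixed', 'affected' or 'fts3-absent'."""
    if parse_version(version_text) >= FIXED:
        return "fixed"
    # Limit of this check: a distribution may backport the fix without
    # changing the version string, so 'affected' means "verify the package".
    return "affected" if has_fts3 else "fts3-absent"

def probe_linked_library():
    """Report (version, verdict) for the SQLite library Python is linked to."""
    version_text = sqlite3.sqlite_version
    return version_text, classify(version_text, fts3_available())

if __name__ == "__main__":
    print(probe_linked_library())
```

The result describes only the SQLite library this Python interpreter is linked against; applications that bundle their own copy of SQLite need to be checked separately.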