CVE-2018-20505

SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).

• CWE-89

• http://seclists.org/fulldisclosure/2019/Jan/62Mailing List, Third Party Advisory
• http://seclists.org/fulldisclosure/2019/Jan/64Mailing List, Third Party Advisory
• http://seclists.org/fulldisclosure/2019/Jan/66Mailing List, Third Party Advisory
• http://seclists.org/fulldisclosure/2019/Jan/67Mailing List, Third Party Advisory
• http://seclists.org/fulldisclosure/2019/Jan/68Mailing List, Third Party Advisory
• http://seclists.org/fulldisclosure/2019/Jan/69Mailing List, Third Party Advisory
• http://www.securityfocus.com/bid/106698Third Party Advisory, VDB Entry
• https://seclists.org/bugtraq/2019/Jan/28Mailing List, Third Party Advisory
• https://seclists.org/bugtraq/2019/Jan/29Mailing List, Third Party Advisory
• https://seclists.org/bugtraq/2019/Jan/31Mailing List, Third Party Advisory
• https://seclists.org/bugtraq/2019/Jan/32Mailing List, Third Party Advisory
• https://seclists.org/bugtraq/2019/Jan/33Mailing List, Third Party Advisory
• https://seclists.org/bugtraq/2019/Jan/39Mailing List, Third Party Advisory
• https://security.netapp.com/advisory/ntap-20190502-0004/Third Party Advisory
• https://sqlite.org/src/info/1a84668dcfdebaf12415dExploit, Vendor Advisory
• https://support.apple.com/kb/HT209443Vendor Advisory
• https://support.apple.com/kb/HT209446Vendor Advisory
• https://support.apple.com/kb/HT209447Vendor Advisory
• https://support.apple.com/kb/HT209448Vendor Advisory
• https://support.apple.com/kb/HT209450Vendor Advisory
• https://support.apple.com/kb/HT209451Vendor Advisory
• https://usn.ubuntu.com/4019-1/
• http://seclists.org/fulldisclosure/2019/Jan/62Mailing List, Third Party Advisory
• http://seclists.org/fulldisclosure/2019/Jan/64Mailing List, Third Party Advisory
• http://seclists.org/fulldisclosure/2019/Jan/66Mailing List, Third Party Advisory
• http://seclists.org/fulldisclosure/2019/Jan/67Mailing List, Third Party Advisory
• http://seclists.org/fulldisclosure/2019/Jan/68Mailing List, Third Party Advisory
• http://seclists.org/fulldisclosure/2019/Jan/69Mailing List, Third Party Advisory
• http://www.securityfocus.com/bid/106698Third Party Advisory, VDB Entry
• https://seclists.org/bugtraq/2019/Jan/28Mailing List, Third Party Advisory
• https://seclists.org/bugtraq/2019/Jan/29Mailing List, Third Party Advisory
• https://seclists.org/bugtraq/2019/Jan/31Mailing List, Third Party Advisory
• https://seclists.org/bugtraq/2019/Jan/32Mailing List, Third Party Advisory
• https://seclists.org/bugtraq/2019/Jan/33Mailing List, Third Party Advisory
• https://seclists.org/bugtraq/2019/Jan/39Mailing List, Third Party Advisory
• https://security.netapp.com/advisory/ntap-20190502-0004/Third Party Advisory
• https://sqlite.org/src/info/1a84668dcfdebaf12415dExploit, Vendor Advisory
• https://support.apple.com/kb/HT209443Vendor Advisory
• https://support.apple.com/kb/HT209446Vendor Advisory
• https://support.apple.com/kb/HT209447Vendor Advisory
• https://support.apple.com/kb/HT209448Vendor Advisory
• https://support.apple.com/kb/HT209450Vendor Advisory
• https://support.apple.com/kb/HT209451Vendor Advisory
• https://usn.ubuntu.com/4019-1/

Published

Apr 3, 2019

Last Modified

Jun 17, 2026

Status

Modified