Allele Security Alert
ASA-2018-00093
Identifier(s)
ASA-2018-00093, CVE-2018-20346
Title
Integer overflow in FTS3 queries
Vendor(s)
D. Richard Hipp
Product(s)
SQLite
Affected version(s)
SQLite before 3.25.3
Fixed version(s)
SQLite 3.25.3
Proof of concept
Yes
Description
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.
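An exposure check for the two conditions in the description above (library version below 3.25.3 and FTS3 enabled), given here as an added example that is not part of the original alert. The function names and status strings are hypothetical, and the check compares version numbers only, so it assumes no fix was backported into an older-numbered build.

```python
import re
import sqlite3

FIXED = (3, 25, 3)  # "Fixed version(s)" field of this advisory
_FTS3_DECL = re.compile(r"\bUSING\s+fts3\b", re.IGNORECASE)

def parse_version(text):
    """'3.25.3' -> (3, 25, 3); a fourth component such as 3.8.11.1 is ignored."""
    return tuple(int(part) for part in text.split(".")[:3])

def fts3_available(conn):
    """Functional probe: can this SQLite build create an FTS3 virtual table?"""
    try:
        conn.execute("CREATE VIRTUAL TABLE asa_fts3_probe USING fts3(body)")
    except sqlite3.OperationalError:  # e.g. "no such module: fts3"
        return False
    conn.execute("DROP TABLE asa_fts3_probe")
    return True

def fts3_tables(conn):
    """Names of FTS3 virtual tables declared in the connected database."""
    rows = conn.execute("SELECT name, sql FROM sqlite_master WHERE type = 'table'")
    return sorted(name for name, sql in rows if sql and _FTS3_DECL.search(sql))

def classify(version, has_fts3):
    """Map the advisory's two conditions to a status string (hypothetical labels)."""
    if version >= FIXED:
        return "fixed"
    return "affected" if has_fts3 else "below-fix-but-fts3-unavailable"

def check_runtime():
    """Assess the SQLite library linked into this Python interpreter."""
    conn = sqlite3.connect(":memory:")  # throwaway database, nothing on disk is touched
    try:
        has_fts3 = fts3_available(conn)
    finally:
        conn.close()
    version = parse_version(sqlite3.sqlite_version)
    return {"version": version, "fts3": has_fts3, "status": classify(version, has_fts3)}

if __name__ == "__main__":
    print(check_runtime())
```

fts3_tables() can be pointed at a connection to an existing database file to list the FTS3 tables whose shadow tables the description refers to.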
Technical details
Unknown
Credits
Tencent Blade Team
Reference(s)
Bug 1659379 – sqlite: Multiple flaws in sqlite which can be triggered via corrupted internal databases (Magellan) [NEEDINFO]
https://bugzilla.redhat.com/show_bug.cgi?id=1659379
Bug 1659677 – sqlite: Multiple flaws in sqlite which can be triggered via corrupted internal databases (Magellan) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1659677
Re: [sqlite] Claimed vulnerability in SQLite: Info or Intox?
https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg113218.html
Magellan
https://blade.tencent.com/magellan/index_en.html
Stable Channel Update for Desktop
https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
sqlite: Upgrade to the 3.25.3 code in M72.
https://chromium.googlesource.com/chromium/src/+/c368e30ae55600a1c3c9cb1710a54f9c55de786e
SQLite Release 3.25.3 On 2018-11-05
https://www.sqlite.org/releaselog/3_25_3.html
Multiple remote code execution flaws in sqlite (Magellan)
https://access.redhat.com/articles/3758321
Crash Chrome 70 with the SQLite Magellan bug | Worth Doing Badly
https://worthdoingbadly.com/sqlitebug/
EXPLOITING THE MAGELLAN BUG ON 64-BIT CHROME DESKTOP
https://blog.exodusintel.com/2019/01/22/exploiting-the-magellan-bug-on-64-bit-chrome-desktop/
SQLite Vulnerability Fix
https://electronjs.org/blog/magellan-fix
CVE-2018-20346
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20346
CVE-2018-20346
https://nvd.nist.gov/vuln/detail/CVE-2018-20346
Last modified: February 12, 2019