H3C Security Vulnerability - SQLite Remote Code Execution - CVE-2018-20346
04-02-2021
【Summary】
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.
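The two conditions named in the summary (a version before 3.25.3 and FTS3 being enabled) can be checked on a host with the following added example, which is not part of the H3C advisory. It inspects only the SQLite library linked into the Python interpreter that runs it; the function names are illustrative.

```python
import sqlite3

# First release outside the affected range, per the advisory ("before 3.25.3").
FIXED_VERSION = (3, 25, 3)


def parse_version(text):
    """Turn '3.8.7.1' into (3, 8, 7, 1); non-numeric parts raise ValueError."""
    return tuple(int(part) for part in text.strip().split("."))


def is_version_affected(text):
    """True when the given SQLite version string is before 3.25.3."""
    return parse_version(text) < FIXED_VERSION


def fts3_available():
    """Probe the linked library by creating an fts3 table in a throwaway
    in-memory database. This works even when compile-option diagnostics
    are omitted from the build."""
    conn = sqlite3.connect(":memory:")
    try:
        conn.execute("CREATE VIRTUAL TABLE fts3_probe USING fts3(body)")
    except sqlite3.OperationalError:
        return False  # typically "no such module: fts3"
    finally:
        conn.close()
    return True


def assess():
    """Combine both conditions from the advisory summary."""
    version = sqlite3.sqlite_version  # library version, not the Python module version
    affected = is_version_affected(version)
    fts3 = fts3_available()
    return {
        "sqlite_version": version,
        "version_affected": affected,
        "fts3_enabled": fts3,
        "exposed": affected and fts3,
    }


if __name__ == "__main__":
    print(assess())
```

A build that carries a backported fix under an older version number will still be reported as affected, so treat a positive result as a prompt to check the package changelog.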
【Impact】
The vulnerability may potentially cause leakage of data and modification of system files.
【Software Versions and Fixes】
Product Name | Affected Version | Resolved Product and Version |
D2000-G | All | TBC before Jan 31, 2020 |
【Temporary Fix】
None
【Revision History】
2019-12-16 V1.0 INITIAL
H3C advocates that every effort be made to safeguard the ultimate interests of product users, to abide by principles of responsible disclosure of security incidents, and to handle product security issues in accordance with security issue mechanisms. For information on H3C's security emergency response service and H3C product vulnerabilities, please visit https://www.h3c.com/en/Support/Online_Help/psirt/.