CVE-2017-2518

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
Affected Products (NVD)
VendorProductVersion
appleiphone_os
𝑥
< 10.3.2
applemac_os_x
𝑥
< 10.12.5
appletvos
𝑥
< 10.2.1
applewatchos
𝑥
< 3.2.2
debiandebian_linux
8.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
sqlite3
bookworm
3.40.1-2
fixed
bullseye
3.34.1-3
fixed
bullseye (security)
3.34.1-3+deb11u1
fixed
sid
3.46.1-1
fixed
trixie
3.46.1-1
fixed
wheezy
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
sqlite3
artful
not-affected
bionic
not-affected
cosmic
not-affected
disco
not-affected
trusty
Fixed 3.8.2-1ubuntu2.2+esm1
released
xenial
Fixed 3.11.0-1ubuntu1.2
released
zesty
ignored
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libsqlite3-0
suse enterprise sap 12 SP5
3.36.0-9.18.1
fixed
suse enterprise server 12 SP1
3.8.10.2-9.15.1
fixed
suse enterprise server 12 SP2
3.36.0-9.18.1
fixed
suse enterprise server 12 SP3
3.36.0-9.18.1
fixed
suse enterprise server 12 SP4
3.36.0-9.18.1
fixed
suse enterprise server 12 SP5
3.36.0-9.18.1
fixed
libsqlite3-0-32bit
suse enterprise sap 12 SP5
3.36.0-9.18.1
fixed
suse enterprise server 12 SP1
3.8.10.2-9.15.1
fixed
suse enterprise server 12 SP2
3.36.0-9.18.1
fixed
suse enterprise server 12 SP3
3.36.0-9.18.1
fixed
suse enterprise server 12 SP4
3.36.0-9.18.1
fixed
suse enterprise server 12 SP5
3.36.0-9.18.1
fixed
sqlite3
suse enterprise sap 12 SP5
3.36.0-9.18.1
fixed
suse enterprise server 12 SP1
3.8.10.2-9.15.1
fixed
suse enterprise server 12 SP2
3.36.0-9.18.1
fixed
suse enterprise server 12 SP3
3.36.0-9.18.1
fixed
suse enterprise server 12 SP4
3.36.0-9.18.1
fixed
suse enterprise server 12 SP5
3.36.0-9.18.1
fixed
sqlite3-devel
suse enterprise sap 12 SP5
3.36.0-9.18.1
fixed
suse enterprise server 12 SP2
3.36.0-9.18.1
fixed
suse enterprise server 12 SP3
3.36.0-9.18.1
fixed
suse enterprise server 12 SP4
3.36.0-9.18.1
fixed
suse enterprise server 12 SP5
3.36.0-9.18.1
fixed
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/98468
http://www.securitytracker.com/id/1038484
https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html
https://support.apple.com/HT207797
https://support.apple.com/HT207798
https://support.apple.com/HT207800
https://support.apple.com/HT207801
https://usn.ubuntu.com/4019-1/
https://usn.ubuntu.com/4019-2/
http://www.securityfocus.com/bid/98468
http://www.securitytracker.com/id/1038484
https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html
https://support.apple.com/HT207797
https://support.apple.com/HT207798
https://support.apple.com/HT207800
https://support.apple.com/HT207801
https://usn.ubuntu.com/4019-1/
https://usn.ubuntu.com/4019-2/