CPANSA-DBD-SQLite-2018-3906-sqlite: DBD-SQLite vulnerability

Publisher	giterlizzi	Document category	csaf_security_advisory
Initial release date	2018-09-21T00:00:00	Engine	CSAF Perl Toolkit 0.25
Current release date	2018-09-21T00:00:00	Build Date
Current version	1	Status	final
CVSS v3.1 Base Score	8.2	Severity	High
Original language		Language	en
Also referred to

Vulnerability Description

An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.

Vulnerabilities

CVE-2018-3906

Vulnerability Description

Weakness	CWE-787 : Out-of-bounds Write

Product status

Known affected

Product

Score

DBD-SQLite greater than or equal 1.71_07 and less than or equal 1.72

CVSS Version	CVSS Vector	CVSS Base Score	CVSS Base Severity
3.1	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H	8.2	High
2.0	AV:L/AC:L/Au:N/C:C/I:C/A:C	7.2	High

giterlizzi

Namespace: https://github.com/giterlizzi/

gdt@cpan.org

References

CPANSA-DBD-SQLite-2018-3906-sqlite JSON self
https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2018/cpansa-dbd-sqlite-2018-3906-sqlite.json
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0576 external
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0576
CVE-2018-3906 (NVD) external
https://nvd.nist.gov/vuln/detail/CVE-2018-3906

Revision history

Version	Date of the revision	Summary of the revision
1	Fri Sep 21 00:00:00 2018	First release

Sharing rules

TLP:WHITE
For the TLP version see: https://www.first.org/tlp/