SERVER-OTHER -- Snort has detected traffic exploiting vulnerabilities in a server in the network.
SERVER-OTHER SQLite FTS integer overflow attempt
This event is generated when an attacker attempts to exploit an integer overflow in SQLite.
Attempted User Privilege Gain
Rule checks for attempts to exploit an integer overflow in SQLite.
Ease of Attack:
What To Look For
No public information
No known false positives
Cisco Talos Intelligence Group
MITRE ATT&CK Framework
For reference, see the MITRE ATT&CK vulnerability types here:
CVE Additional Information
CVE-2018-20346SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.
||Ease of Access||