SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements . This is a different vulnerability than CVE-2018-20346.