Use After Free in sqlite

Do your applications use this vulnerable package? Test your applications

Overview

An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this vulnerability.

References

CVE Details
Debian Security Tracker
GENTOO
MISC
Netapp Security Advisory
Security Focus
Talos Vulnerability Report
UBUNTU
Ubuntu CVE Tracker

Attack Vector

Network
Attack Complexity

High
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

High
Integrity

High
Availability

High

CVE: CVE-2019-5018
CWE: CWE-416
Snyk ID: SNYK-ALPINE39-SQLITE-449762
Disclosed: 10 May, 2019
Published: 10 May, 2019

Use After Free
Affecting sqlite package, versions <3.28.0-r0

Overview

References

CVSS Score

Use After Free Affecting sqlite package, versions <3.28.0-r0

Overview

References

Use After Free
Affecting sqlite package, versions <3.28.0-r0