It exists that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM. (CVE-2018-8740)
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sqlite sqlite 3.26.0 |
||
canonical ubuntu linux 18.04 |
||
canonical ubuntu linux 19.04 |
||
canonical ubuntu linux 19.10 |
||
canonical ubuntu linux 16.04 |
||
canonical ubuntu linux 12.04 |
You know the drill: Patch and stop using C
Cisco Talos researchers have uncovered an SQLite use-after-free() vulnerability that could allow an attacker to, in theory, remotely execute code on an affected device. "An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0," said Talos in a blog post describing the vuln, provisionally allocated CVE-2019-5018. An open-source project, SQLite's maintainers describe it as "the most used database engine in the world." SQLite implements SQL's Window...