[3.7] sqlite: Multiple vulnerabilities (CVE-2019-5018, CVE-2019-8457)
CVE-2019-5018: use-after-free in window function leading to remote code execution
An exploitable use after free vulnerability exists in the window
function functionality of Sqlite3 3.26.0. A specially crafted SQL
command can cause a use
after free vulnerability, potentially resulting in remote code
execution. An attacker can send a malicious SQL command to trigger this
vulnerability.
References:
https://www.talosintelligence.com/vulnerability\_reports/TALOS-2019-0777
https://nvd.nist.gov/vuln/detail/CVE-2019-5018
CVE-2019-8457: heap out-of-bound read in function rtreenode()
SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap
out-of-bound
read in the rtreenode() function when handling invalid rtree tables.
References:
https://www.sqlite.org/releaselog/3\_28\_0.html
https://nvd.nist.gov/vuln/detail/CVE-2019-8457
Patch:
https://www.sqlite.org/src/info/90acdbfce9c08858
(from redmine: issue id 10540, created on 2019-06-05)
- Relations:
- parent #10537