ID CVE-2017-15286
Summary SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never initialized.
References
Vulnerable Configurations
  • cpe:2.3:a:sqlite:sqlite:3.20.1
    cpe:2.3:a:sqlite:sqlite:3.20.1
CVSS
Base: 5.0
Impact:
Exploitability:
CWE CWE-476
CAPEC
nessus via4
NASL family Fedora Local Security Checks
NASL id FEDORA_2018-8D8F0E1643.NASL
description Security fix for CVE-2017-13685 CVE-2017-15286 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2018-06-10
modified 2018-06-08
plugin id 110401
published 2018-06-08
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=110401
title Fedora 27 : sqlite (2018-8d8f0e1643)
refmap via4
bid 101285
misc https://github.com/Ha0Team/crash-of-sqlite3/blob/master/poc.md
Last major update 12-10-2017 - 04:29
Published 12-10-2017 - 04:29
Last modified 27-10-2017 - 10:18
Back to Top