CVE-2019-5018

Published: 10 May 2019

An exploitable use-after-free vulnerability exists in the window function functionality of SQLite3 3.26.0. A specially crafted SQL command can trigger the use after free, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this vulnerability.

Priority

Low

CVSS 3 base score: 8.1

Status

Package: sqlite3 (Launchpad, Ubuntu, Debian)

| Release | Status |
|---|---|
| Upstream | Needs triage |
| Ubuntu 18.04 LTS (Bionic Beaver) | Not vulnerable |
| Ubuntu 16.04 ESM (Xenial Xerus) | Not vulnerable |
| Ubuntu 14.04 ESM (Trusty Tahr) | Not vulnerable |

Patches:
Upstream: https://www.sqlite.org/src/vpatch?from=1ae70ad2ffd36c27&to=1e16d3e8fc60d39c