SQLite 3.6.0 Remote Code Execution Vulnerability

Summary

SQLite3 versions 3.6.0 through 3.27.2 (inclusive) are vulnerable to a heap out-of-bounds read in the rtreenode() function when handling invalid rtree tables.

Credit:

The information has been provided by SQLite.
The original article can be found at: https://www.sqlite.org/src/info/90acdbfce9c08858


Details

SQLite is prone to a remote code-execution vulnerability. A remote attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.

Vulnerable Systems:

  • SQLite 3.6.0
  • SQLite 3.6.1
  • SQLite 3.6.2
  • SQLite 3.6.3
  • SQLite 3.6.4
  • SQLite 3.6.5
  • SQLite 3.6.6
  • SQLite 3.6.6.1
  • SQLite 3.6.6.2
  • SQLite 3.6.7
  • SQLite 3.6.8
  • SQLite 3.6.9
  • SQLite 3.6.10
  • SQLite 3.6.11
  • SQLite 3.6.12
  • SQLite 3.6.13
  • SQLite 3.6.14
  • SQLite 3.6.14.1
  • SQLite 3.6.14.2
  • SQLite 3.6.15
  • SQLite 3.6.16
  • SQLite 3.6.16.1
  • SQLite 3.6.17
  • SQLite 3.6.18
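
The check below is an added example, not part of the original advisory or of SQLite's own code. It reports whether the SQLite library linked into the running Python interpreter falls in the 3.6.0 through 3.27.2 range given in the summary, and whether the R-Tree module that provides rtreenode() is compiled in. The function names are hypothetical, and comparing on the first three version components is an assumption.

```python
import sqlite3

# Range taken from the advisory summary; both ends are inclusive.
FIRST_AFFECTED = (3, 6, 0)
LAST_AFFECTED = (3, 27, 2)


def parse_version(text):
    """'3.6.14.1' -> (3, 6, 14, 1); raises ValueError on malformed input."""
    return tuple(int(part) for part in text.strip().split("."))


def in_affected_range(version_text):
    # Assumption: compare on major.minor.patch only, so a four-part
    # release such as 3.6.14.1 is judged by its first three components.
    core = (parse_version(version_text) + (0, 0))[:3]
    return FIRST_AFFECTED <= core <= LAST_AFFECTED


def rtree_available():
    """Probe an in-memory database for the R-Tree module (home of rtreenode())."""
    conn = sqlite3.connect(":memory:")
    try:
        conn.execute("CREATE VIRTUAL TABLE probe USING rtree(id, lo, hi)")
        return True
    except sqlite3.OperationalError:  # "no such module: rtree"
        return False
    finally:
        conn.close()


def assess(version_text, has_rtree):
    if not in_affected_range(version_text):
        return "outside affected range"
    if not has_rtree:
        return "in range, R-Tree module absent"
    return "in range, R-Tree module present"


def assess_local():
    # Covers only the library this interpreter is linked against, not
    # copies bundled with other applications on the host.
    return assess(sqlite3.sqlite_version, rtree_available())


if __name__ == "__main__":
    print(sqlite3.sqlite_version, "->", assess_local())
```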

CVE Information:

CVE-2019-8457

Disclosure Timeline:

Publish Date: 05/30/2019
