Use After Free Vulnerability in Sqlite3 by The SQLite Consortium
CVE-2019-5018

8.1HIGH

Key Information:

Vendor

Sqlite

Status
Sqlite3
Vendor
CVE Published:
10 May 2019

What is CVE-2019-5018?

An exploitable use after free vulnerability is present in the window function functionality of Sqlite3 version 3.26.0. If an attacker sends a specially crafted SQL command, this vulnerability can be triggered, potentially leading to the execution of remote code. Organizations using this version of Sqlite3 are advised to implement security measures to mitigate the risk associated with this vulnerability.

Affected Version(s)

Sqlite3 SQLite 3.26.0, 3.27.0

References

http://www.securityfocus.com/bid/108294
vdb-entryx_refsource_BID
https://security.gentoo.org/glsa/201908-09
vendor-advisoryx_refsource_GENTOO
https://usn.ubuntu.com/4205-1/
vendor-advisoryx_refsource_UBUNTU

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.