CVE-2017-15286
published 2017-10-12CVE-2017-15286: SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW`…
high7.5CVSS 3.0
AVNACLPRNUINSUCNINAH
SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never initialized.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | sqlite3 | < sqlite3 3.20.1-2 (bookworm) | sqlite3 3.20.1-2 (bookworm) |
| ghost | sqlite3 | >= 0 < 3.20.1-2 | 3.20.1-2 |
| ghost | sqlite3 | >= 0 < 3.20.1-2 | 3.20.1-2 |
| ghost | sqlite3 | >= 0 < 3.20.1-2 | 3.20.1-2 |
| ghost | sqlite3 | >= 0 < 3.20.1-2 | 3.20.1-2 |
| sqlite | sqlite | — | — |
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv7.5HIGH