CVE-2019-5018
published 2019-05-10CVE-2019-5018: An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use…
high8.1CVSS 3.1
AVNACHPRNUINSUCHIHAH
An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this vulnerability.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | sqlite3 | < sqlite3 3.27.2-3 (bookworm) | sqlite3 3.27.2-3 (bookworm) |
| ghost | sqlite3 | >= 0 < 3.27.2-3 | 3.27.2-3 |
| ghost | sqlite3 | >= 0 < 3.27.2-3 | 3.27.2-3 |
| ghost | sqlite3 | >= 0 < 3.27.2-3 | 3.27.2-3 |
| ghost | sqlite3 | >= 0 < 3.27.2-3 | 3.27.2-3 |
| ghost | sqlite3 | >= 0 < 3.11.0-1ubuntu1.3 | 3.11.0-1ubuntu1.3 |
| ghost | sqlite3 | >= 0 < 3.22.0-1ubuntu0.2 | 3.22.0-1ubuntu0.2 |
| android | — | — | |
| sqlite | sqlite | — | — |
CVSS provenance
nvdv3.18.1HIGHCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
osv8.1HIGH