Vulnerability CVE-2017-15286: Information

Description

SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never initialized.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2017-15286

Published: Oct. 12, 2017

Modified: Oct. 27, 2017

Error type identifier: CWE-476

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
sqlite3	sisyphus	3.22.0-alt1	3.44.2-alt1	ALT-PU-2018-1493-1	202919	Fixed
sqlite3	p10	3.22.0-alt1	3.35.5-alt1.p10.1	ALT-PU-2018-1493-1	202919	Fixed
sqlite3	p9	3.22.0-alt1	3.33.0-alt1	ALT-PU-2018-1493-1	202919	Fixed
sqlite3	p8	3.22.0-alt0.M80P.1	3.22.0-alt0.M80P.1	ALT-PU-2019-2194-1	216874	Fixed
sqlite3	c10f1	3.22.0-alt1	3.35.5-alt1.p10.1	ALT-PU-2018-1493-1	202919	Fixed
sqlite3	c9f2	3.22.0-alt1	3.36.0-alt2	ALT-PU-2018-1493-1	202919	Fixed
sqlite3	c7	3.22.0-alt0.M70C.1	3.22.0-alt0.M70C.1	ALT-PU-2019-2343-1	234994	Fixed
sqlite3	p11	3.22.0-alt1	3.44.2-alt1	ALT-PU-2018-1493-1	202919	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://github.com/Ha0Team/crash-of-sqlite3/blob/master/poc.md	Exploit Third Party Advisory
101285	Third Party Advisory VDB Entry

Affected configurations:
1. Configuration 1
  cpe:2.3:a:sqlite:sqlite:3.20.1:*:*:*:*:*:*:*

Version: v24.5.3

Vulnerability CVE-2017-15286: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1