Description

SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never initialized.

Remediation

References

CVE-2017-15286

Related Vulnerabilities

Oracle Application Server Other Vulnerability (CVE-2002-0842)

WordPress Plugin Custom Field Template Cross-Site Request Forgery (2.5.1)

Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2016-7065)

Jenkins Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-10384)

WordPress Plugin BuddyPress Multiple Vulnerabilities (5.1.2)

Severity

High

Classification

CVE-2017-15286 CWE-476 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities