Talos security researchers discovered a Use After Free vulnerability in SQLite, allows attackers to send malicious SQL commands to trigger the vulnerability.
The free vulnerability exists in the window function functionality of Sqlite3; the flaw can be tracked as CVE-2019-5018; it affects SQLite 3.26.0, 3.27.0 and receives 8.1 – CVSS:3.0 score.
SQLite is a favorite library used in implementing SQL database engine; it is used extensively in a number of devices including mobile devices, browsers, hardware devices, and user applications.
“SQLite implements the Window Functions feature of SQL which allows queries over a subset, or “window,” of rows. After parsing a SELECT statement that contains a window function, the SELECT statement is transformed using the sqlite3WindowRewrite function.”
The master objected retriwed from the SELECt objects and rewrites for easier processing. Researchers discovered that during deletion of expression, “if the expression is marked as a Window Function, the associated Window object is deleted as well.”
While deletion of windows, it’s associated partition of the window also get deleted, “After this partition is deleted, it is then reused in exprListAppendList [5], causing a use after free vulnerability, resulting in a denial of service,” reads vulnerability report.
“If an attacker can control this memory after the free, there is an opportunity to corrupt more data, potentially leading to code execution.”
Vulnerability Disclosure Timeline
2019-02-05 – Vendor Disclosure
2019-03-07 – 30 day follow up with vendor; awaiting moderator approval
2019-03-28 – Vendor patched
2019-05-09 – Public Release
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.
Critical SQLite Bug Affected all Modern Operating Systems and Software
phpMyAdmin 4.8.5 Released with Fixes for SQL injection and Arbitrary File Read Vulnerability
AI Soft has announced the upcoming public release of Alli AI, an advanced artificial intelligence-powered…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) escalated warnings on March 4, 2025, by…
Cisco Systems has disclosed a security vulnerability in its Webex for BroadWorks unified communications platform…
A critical security flaw in the widely used GiveWP – Donation Plugin and Fundraising Platform has left…
Cybersecurity researchers at G DATA have uncovered a sophisticated malware campaign utilizing fake booking websites…
A sophisticated Advanced Persistent Threat (APT) group, known as CNC, has been conducting a cyber…