SQLite through version 3.22.0 is vulnerable to a NULL pointer dereference when using databases that have been corrupted with 'CREATE TABLE AS' statements. An attacker could exploit this with a crafted database file to trigger a crash and resulting denial of service.

Upstream Patch:
https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b

Additional References:
http://seclists.org/oss-sec/2018/q1/244
Created mingw-sqlite tracking bugs for this issue:
Affects: fedora-all [bug 1558808]
Created sqlite2 tracking bugs for this issue:
Affects: fedora-all [bug 1558805]
Created sqlite tracking bugs for this issue:
Affects: fedora-all [bug 1558809]
Created sqlite2 tracking bugs for this issue:
Affects: epel-all [bug 1558806]
Created mingw-sqlite tracking bugs for this issue:
Affects: epel-7 [bug 1558807]
Reproducer for this can be found in: https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349
Statement: Red Hat Product Security has rated this issue as having a security impact of Low. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.