PT-2019-4852 · Sqlite · Sqlite3
Cory Duplantis · Published 2019-03-22 · Updated 2022-06-13
CVE-2019-5018
CVSS v2.0: 9.3 (High)
CVSS v2.0 vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Sqlite3 versions 3.26.0 through 3.27.x
Description
The issue is a memory-safety error in the window function implementation of the SQLite database management system, present from the SQLite 3.26 branch onward. A specially crafted SQL command can trigger a use-after-free; exploiting it can allow a remote attacker to cause a denial of service and potentially achieve remote code execution.
Recommendations
For versions 3.26.0 through 3.27.x, update to version 3.28 or later to resolve the issue. As a temporary workaround, restrict the execution of SQL commands from untrusted sources to minimize the risk of exploitation, and avoid using window function functionality in SQL commands until the update is applied.
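The following Python snippet is an added example written for this page; it is not code from the advisory, from Positive Technologies, or from the SQLite project. It shows the two workarounds above in practice: checking whether the SQLite library linked into the process falls in the stated affected range (3.26.0 through 3.27.x), and using SQLite's authorizer callback to deny the built-in window functions when running SQL that comes from an untrusted source. The list of window function names is assumed from the SQLite documentation; the helper names (is_affected, open_guarded, run_untrusted) are this example's own.

```python
"""Defensive helpers for CVE-2019-5018 (SQLite window function use-after-free).

Added example, not part of the advisory. Assumes Python's standard sqlite3
module and an SQLite build that still has the authorizer API compiled in.
"""
import sqlite3

# Affected range exactly as the advisory states it: 3.26.0 up to, but not
# including, the fixed 3.28 release.
AFFECTED_MIN = (3, 26, 0)
FIXED_IN = (3, 28, 0)

# Authorizer action code for a function reference (value 31 in sqlite3.h);
# older Python builds may not export the constant by name.
SQLITE_FUNCTION = getattr(sqlite3, "SQLITE_FUNCTION", 31)

# Built-in window-only functions (assumed from the SQLite window function
# documentation). Aggregates used with OVER are NOT in this list; see caveat.
WINDOW_FUNCTIONS = frozenset({
    "row_number", "rank", "dense_rank", "percent_rank", "cume_dist",
    "ntile", "lag", "lead", "first_value", "last_value", "nth_value",
})


def is_affected(version):
    """True if a (major, minor, patch) tuple lies in the advisory's range."""
    return AFFECTED_MIN <= tuple(version) < FIXED_IN


def linked_library_is_affected():
    """Check the SQLite library actually linked into this interpreter."""
    return is_affected(sqlite3.sqlite_version_info)


def _deny_window_functions(action, arg1, arg2, db_name, source):
    # SQLite calls the authorizer at prepare time for every function
    # reference; for SQLITE_FUNCTION, arg2 carries the function name.
    if action == SQLITE_FUNCTION and arg2 and arg2.lower() in WINDOW_FUNCTIONS:
        return sqlite3.SQLITE_DENY
    return sqlite3.SQLITE_OK


def open_guarded(path=":memory:"):
    """Open a connection whose statements are screened by the authorizer."""
    conn = sqlite3.connect(path)
    conn.set_authorizer(_deny_window_functions)
    return conn


def run_untrusted(conn, sql, params=()):
    """Run SQL from an untrusted source. Returns (ok, rows) or (False, message).

    A denied window function makes prepare fail, so the statement never
    reaches the vulnerable window-function code path.
    """
    try:
        return True, conn.execute(sql, params).fetchall()
    except sqlite3.Error as exc:
        return False, str(exc)


if __name__ == "__main__":
    print("linked SQLite", sqlite3.sqlite_version,
          "affected:", linked_library_is_affected())
    db = open_guarded()
    db.execute("CREATE TABLE t(x INTEGER)")          # constructed sample table
    db.executemany("INSERT INTO t VALUES (?)", [(1,), (2,)])
    print(run_untrusted(db, "SELECT x FROM t ORDER BY x"))
    print(run_untrusted(db, "SELECT row_number() OVER (ORDER BY x) FROM t"))
```

The authorizer sees only function names, so an aggregate such as sum(x) used with an OVER clause passes the guard; the screen narrows the exposed surface for the duration of the workaround but does not replace the upgrade to 3.28 or later. On an SQLite build older than 3.25, which has no window functions at all, the OVER query fails with a syntax error instead, which run_untrusted reports the same way.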
Tags: Exploit · Fix · RCE · Use After Free
Affected Products
Alt Linux
Centos
Red Hat
Sqlite3
Ubuntu