Sqlite · Sqlite · CVE-2018-8740
Name of the Vulnerable Software and Affected Versions:
SQLite versions prior to 3.22.0
Description:
The issue is related to a NULL pointer dereference in the SQLite database management system. It occurs when a database's schema is corrupted using a CREATE TABLE AS statement, specifically involving the build.c and prepare.c components. This could potentially allow a remote attacker to cause a denial of service.
Recommendations:
For SQLite versions prior to 3.22.0, update to version 3.22.0 or later to resolve the issue.
As a temporary workaround, consider restricting the use of the CREATE TABLE AS statement until a patch is available.