CVE-2017-15286

Name of the Vulnerable Software and Affected Versions SQLite version 3.20.1

Description The issue arises from a NULL pointer dereference in the tableColumnList function within shell.c. This occurs because the software fails to account for specific cases where sqlite3 step(pStmt)==SQLITE ROW is false, resulting in a data structure never being initialized.

Recommendations For SQLite version 3.20.1, consider disabling the tableColumnList function in shell.c as a temporary workaround until a patch is available. Restrict access to the sqlite3 step function to minimize the risk of exploitation. Avoid using the pStmt variable in the affected code path until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.