CVE-2018-20505

Name of the Vulnerable Software and Affected Versions SQLite version 3.25.2

Description The issue is related to the execution of queries on a table with a malformed PRIMARY KEY, allowing remote attackers to cause a denial of service by running arbitrary SQL statements. This can be exploited in certain use cases, such as WebSQL, to crash the application. The vulnerability is associated with a lack of protection for the SQL query structure, which can be leveraged by an attacker to cause the application to terminate.

Recommendations For SQLite version 3.25.2, consider restricting the ability to run arbitrary SQL statements, especially in WebSQL use cases, until a fix is available. As a temporary workaround, avoid using tables with malformed PRIMARY KEY definitions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.