SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.
{ "ubuntu_priority": "low", "availability": "No subscription required", "binaries": [ { "binary_name": "lemon", "binary_version": "3.8.2-1ubuntu2.1" }, { "binary_name": "lemon-dbgsym", "binary_version": "3.8.2-1ubuntu2.1" }, { "binary_name": "libsqlite3-0", "binary_version": "3.8.2-1ubuntu2.1" }, { "binary_name": "libsqlite3-0-dbg", "binary_version": "3.8.2-1ubuntu2.1" }, { "binary_name": "libsqlite3-0-dbgsym", "binary_version": "3.8.2-1ubuntu2.1" }, { "binary_name": "libsqlite3-dev", "binary_version": "3.8.2-1ubuntu2.1" }, { "binary_name": "libsqlite3-dev-dbgsym", "binary_version": "3.8.2-1ubuntu2.1" }, { "binary_name": "libsqlite3-tcl", "binary_version": "3.8.2-1ubuntu2.1" }, { "binary_name": "libsqlite3-tcl-dbgsym", "binary_version": "3.8.2-1ubuntu2.1" }, { "binary_name": "sqlite3", "binary_version": "3.8.2-1ubuntu2.1" }, { "binary_name": "sqlite3-dbgsym", "binary_version": "3.8.2-1ubuntu2.1" }, { "binary_name": "sqlite3-doc", "binary_version": "3.8.2-1ubuntu2.1" } ] }