SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "libsqlite3-tcl-dbgsym": "3.8.2-1ubuntu2.1", "lemon-dbgsym": "3.8.2-1ubuntu2.1", "libsqlite3-0-dbg": "3.8.2-1ubuntu2.1", "libsqlite3-0-dbgsym": "3.8.2-1ubuntu2.1", "sqlite3-dbgsym": "3.8.2-1ubuntu2.1", "libsqlite3-tcl": "3.8.2-1ubuntu2.1", "libsqlite3-dev-dbgsym": "3.8.2-1ubuntu2.1", "libsqlite3-0": "3.8.2-1ubuntu2.1", "libsqlite3-dev": "3.8.2-1ubuntu2.1", "sqlite3-doc": "3.8.2-1ubuntu2.1", "sqlite3": "3.8.2-1ubuntu2.1", "lemon": "3.8.2-1ubuntu2.1" } ] }