SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8457
Reference (s):
- https://kc.mcafee.com/corporate/index?page=content&id=SB10365
- https://security.netapp.com/advisory/ntap-20190606-0002/
- URL: https://security.netapp.com/advisory/ntap-20190606-0002/
- FEDORA:FEDORA-2019-02b81266b7
- URL: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJPFGA45DI4F5MCF2OAACGH3HQOF4G3M/