Errata overview
Errata ID 582
Date 2019-01-16
Source package sqlite3
Fixed in version
This update addresses the following issues:
* CVE-2017-2518: A use-after-free bug in the query optimizer may cause a
  buffer overflow and application crash via a crafted SQL statement.
* CVE-2017-2519: Insufficient size of the reference count on Table objects
  could lead to a denial-of-service or arbitrary code execution.
* CVE-2017-2520: The sqlite3_value_text() interface returned a buffer that
  was not large enough to hold the complete string plus zero terminator when
  the input was a zeroblob. This could lead to arbitrary code execution or a
* CVE-2017-10989: SQLite mishandles undersized RTree blobs in a crafted
  database leading to a heap-based buffer over-read or possibly unspecified
  other impact.
* CVE-2018-8740: Databases whose schema is corrupted using a CREATE TABLE AS
  statement could cause a NULL pointer dereference.
Additional notes
CVE ID CVE-2018-8740
UCS Bug number #48455