SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE at the end of a SELECT statement.
The product uses or accesses a resource that has not been initialized.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Sqlite | Sqlite | * | 3.8.8.3 (including) |