The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.
The product does not release or incorrectly releases a resource before it is made available for re-use.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Mac_os_x | Apple | 10.10.5 (including) | 10.10.5 (including) |
Watchos | Apple | 1.0.1 (including) | 1.0.1 (including) |