Vulnerability identifier: #VU24065
Vulnerability risk: Low
Exploitation vector: Network
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due memory leak within the selectExpander() function in select.c in SQLite, caused by incorrect exception handling, related to stack unwinding. A remote attacker can trigger with ability to modify the WITH SQL query can gain access to potentially sensitive information.
Install updates from vendor's website.
Vulnerable software versions
SQLite: 1.0 - 3.30.1
Fixed software versions
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?