CVE-2017-15286 (https://nvd.nist.gov/vuln/detail/CVE-2017-15286): SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never initialized. References: https://github.com/Ha0Team/crash-of-sqlite3/blob/master/poc.md https://bugzilla.novell.com/show_bug.cgi?id=1063145 http://www.sqlite.org/src/info/5d0ceb8dcdef92cd
(In reply to Aleksandr Wagner (Kivak) from comment #0) > http://www.sqlite.org/src/info/5d0ceb8dcdef92cd https://sqlite.org/src/info/5d0ceb8dcdef92cd