CVE-2019-5018: SQLite Remote Code Execution Vulnerability Alert

SQLite Remote Code Execution Vulnerability

Image: Wiki Common

SQLite is an in-process library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine. SQLite is the most widely deployed database in the world with more applications than we can count, including several high-profile projects. SQLite is an embedded SQL database engine.

SQLite released 3.28.0 to fixes a remote code execution vulnerability (CVE-2019-5018). This vulnerability was found by Cisco Talos and the details of the specific vulnerability have been made public.

Image: Wiki Common

The vulnerability can be triggered by sending a malicious SQL command.

Affected version

  • SQLite 3.26.0, 3.27.0

Solution

Please update SQLite to the latest version.