NULL Pointer Dereference Vulnerability in SQLite 3.27.2 with FTS5 Virtual Table

NULL Pointer Dereference Vulnerability in SQLite 3.27.2 with FTS5 Virtual Table

CVE-2019-9937 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.