Description
The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.
Remediation
References
Related Vulnerabilities
WordPress Plugin SP Project & Document Manager Unspecified Vulnerability (2.6.2.5)
Ruby CVE-2019-15845 Vulnerability (CVE-2019-15845)
WordPress Plugin Calendar Event Multi View Multiple Vulnerabilities (1.1.4)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-0215)
Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability (CVE-2022-23181)