Description
The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.
Remediation
References
Related Vulnerabilities
MySQL CVE-2013-1506 Vulnerability (CVE-2013-1506)
WordPress Plugin weForms-Easy Drag & Drop Contact Form Builder Unspecified Vulnerability (1.5.3)
Oracle Application Server CVE-2006-0274 Vulnerability (CVE-2006-0274)
WordPress Plugin Bold Timeline Lite Cross-Site Scripting (1.1.4)
Magento Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-7892)