Description
SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.
Remediation
References
Related Vulnerabilities
Internet Information Services Other Vulnerability (CVE-2002-0148)
WordPress Plugin Pierre's Wordspew 'wordspew.php' Multiple SQL Injection Vulnerabilities (5.61)
Apache HTTP Server NULL Pointer Dereference Vulnerability (CVE-2017-7659)
Zikula Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2010-4729)