From gbhackers.com
![SQLite](https://i2.wp.com/1.bp.blogspot.com/-FWWvwuhZTA4/XNhgP7NiG_I/AAAAAAAAAxg/RlqhiC0AnSs2vlhHd2EAE-Pddx700Y1TACLcBGAs/s1600/Sqlite.jpg?w=696&ssl=1)
Talos security researchers discovered a Use After Free vulnerability in SQLite, allows attackers to send malicious SQL commands to trigger the vulnerability.
The free vulnerability exists in the window function functionality of Sqlite3; the flaw can be tracked as CVE-2019-5018; it affects SQLite 3.26.0, 3.27.0 and receives 8.1 – CVSS:3.0 score.
SQLite is a favorite library used in implementing SQL database engine; it is used extensively in a number of devices including mobile devices, browsers, hardware devices, and user applications.
“SQLite implements the Window Functions feature of SQL which allows queries over a subset, or “window,” of rows. After parsing a SELECT statement that contains a window function, the SELECT statement is transformed using the sqlite3WindowRewrite function.”