{"id":"CVE-2017-15286","details":"SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never initialized.","modified":"2026-07-08T23:29:27.516142Z","published":"2017-10-12T08:29:00.650Z","references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/101285"},{"type":"EVIDENCE","url":"https://github.com/Ha0Team/crash-of-sqlite3/blob/master/poc.md"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/sqlite/sqlite","events":[{"introduced":"4c55cffe15c5db8cad319772149fb0ce681449cb"},{"last_affected":"4c55cffe15c5db8cad319772149fb0ce681449cb"}],"database_specific":{"source":"CPE_STRING","cpe":"cpe:2.3:a:sqlite:sqlite:3.20.1:*:*:*:*:*:*:*","extracted_events":[{"introduced":"3.20.1"},{"last_affected":"3.20.1"}]}}],"versions":["3.20.1","version-3.20.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-15286.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}