Description
os_unix.c in SQLite before 3.13.0 improperly implements the temporary
directory search algorithm, which might allow local users to obtain
sensitive information, cause a denial of service (application crash), or
have unspecified other impact by leveraging use of the current working
directory for temporary files. (CVE-2016-6153)
In SQLite through 3.22.0, databases whose schema is corrupted using a
CREATE TABLE AS statement could cause a NULL pointer dereference,
related to build.c and prepare (CVE-2018-8740)