Headline
CVE-2022-46908: SQLite: Check-in [cefc0324]
SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.
1876 1877 1878 1879 1880 1881 1882 1883 1884 1885 1886 1887 1888 1889 1890 1891 1892 1893 1894 1895 1896 1897 1898 1899 1900 1901 1902 1903 1904 1905
"fts3\_tokenizer",
"load\_extension",
"readfile",
"writefile",
"zipfile",
"zipfile\_cds",
}; UNUSED_PARAMETER(zA2); UNUSED_PARAMETER(zA3); UNUSED_PARAMETER(zA4); switch( op ){ case SQLITE_ATTACH: { #ifndef SQLITE_SHELL_FIDDLE /* In WASM builds the filesystem is a virtual sandbox, so ** there’s no harm in using ATTACH. */ failIfSafeMode(p, “cannot run ATTACH in safe mode”); #endif break; } case SQLITE_FUNCTION: { int i; for(i=0; i<ArraySize(azProhibitedFunctions); i++){ if( sqlite3_stricmp(zA1, azProhibitedFunctions[i])==0 ){ failIfSafeMode(p, "cannot use the %s() function in safe mode", azProhibitedFunctions[i]); } } break; } }
|
|
1876 1877 1878 1879 1880 1881 1882 1883 1884 1885 1886 1887 1888 1889 1890 1891 1892 1893 1894 1895 1896 1897 1898 1899 1900 1901 1902 1903 1904 1905
"fts3\_tokenizer",
"load\_extension",
"readfile",
"writefile",
"zipfile",
"zipfile\_cds",
}; UNUSED_PARAMETER(zA1); UNUSED_PARAMETER(zA3); UNUSED_PARAMETER(zA4); switch( op ){ case SQLITE_ATTACH: { #ifndef SQLITE_SHELL_FIDDLE /* In WASM builds the filesystem is a virtual sandbox, so ** there’s no harm in using ATTACH. */ failIfSafeMode(p, “cannot run ATTACH in safe mode”); #endif break; } case SQLITE_FUNCTION: { int i; for(i=0; i<ArraySize(azProhibitedFunctions); i++){ if( sqlite3_stricmp(zA2, azProhibitedFunctions[i])==0 ){ failIfSafeMode(p, "cannot use the %s() function in safe mode", azProhibitedFunctions[i]); } } break; } }
Related news
Ubuntu Security Notice 6566-1 - It was discovered that SQLite incorrectly handled certain protection mechanisms when using a CLI script with the --safe option, contrary to expectations. This issue only affected Ubuntu 22.04 LTS. It was discovered that SQLite incorrectly handled certain memory operations in the sessions extension. A remote attacker could possibly use this issue to cause SQLite to crash, resulting in a denial of service.
Gentoo Linux Security Advisory 202311-3 - Multiple vulnerabilities have been discovered in SQLite, the worst of which may lead to code execution. Versions greater than or equal to 3.42.0 are affected.
Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...
Hello everyone! Great news for my open source Scanvus project! You can now perform vulnerability checks on Linux hosts and docker images not only using the Vulners.com API, but also with the Vulns.io VM API. It’s especially nice that all the code to support the new API was written and contributed by colleagues from Vulns.io. […]