SoylentNews is people

posted by martyb on Tuesday May 14 2019, @09:26PM
from the not-even-remotely-funny dept.

https://www.securityweek.com/remote-code-execution-vulnerability-impacts-sqlite

A use-after-free vulnerability in SQLite could be exploited by an attacker to remotely execute code on a vulnerable machine, Cisco Talos security researchers have discovered.

Tracked as CVE-2019-5018 and featuring a CVSS score of 8.1, the vulnerability resides in the window function functionality of SQLite3 3.26.0 and 3.27.0.

To trigger the flaw, an attacker would need to send a specially crafted SQL command to the victim, which could allow them to execute code remotely.

The popular SQLite library, a client-side database management system, is widely used in mobile devices, browsers, hardware devices, and user applications, Talos notes.

SQLite implements the Window Functions feature of SQL, allowing queries over a subset, or "window," of rows, and the newly revealed vulnerability was found in the "window" function.

The security researchers discovered that, after the parsing of a SELECT statement that contains a window function, in certain conditions, the expression-list held by the SELECT object is rewritten and the master window object is used during the process.
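As an added example (not from the article or the SQLite project), a defender can check whether the SQLite library linked into a Python runtime is one of the versions named above and whether it accepts window functions at all. `AFFECTED`, the helper names and the result labels are assumptions made here; only the two version numbers come from the article.

```python
import sqlite3

# Versions the article names as vulnerable to CVE-2019-5018.
AFFECTED = {(3, 26, 0), (3, 27, 0)}


def parse_version(text):
    """Turn '3.26.0' into (3, 26, 0); pad short forms such as '3.27'."""
    parts = [int(p) for p in text.strip().split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))


def has_window_functions(conn):
    """Probe with a harmless window query; builds without the feature reject OVER."""
    try:
        conn.execute("SELECT row_number() OVER ()").fetchall()
        return True
    except sqlite3.OperationalError:
        return False


def assess(version_text, window_support):
    """Classify one library build (hypothetical helper; the labels are ours)."""
    if not window_support:
        return "window functions absent"
    if parse_version(version_text) in AFFECTED:
        return "listed as affected: upgrade before accepting untrusted SQL"
    return "not in the article's affected list"


def assess_runtime():
    """Check the SQLite library this Python interpreter is linked against."""
    conn = sqlite3.connect(":memory:")
    try:
        version = sqlite3.sqlite_version
        return version, assess(version, has_window_functions(conn))
    finally:
        conn.close()


if __name__ == "__main__":
    print(*assess_runtime(), sep=": ")
```

A distribution may ship a patched build under an unchanged version number, so treat a match as a prompt to check the vendor's advisory.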


  • (Score: 2) by Bot on Wednesday May 15 2019, @12:31AM (2 children)

    by Bot (3902) on Wednesday May 15 2019, @12:31AM (#843651) Journal

    You darn atheists think that vulnerabilities arise from mistakes or malice while the programmer is working, but in fact they are like angels in heaven that sometimes come down to populate the software. This vulnerability was flying over sqlite and saw a place called "WINDOW" function. Thinking "I feel strangely attracted to this name", it gently landed there.

    --
    Account abandoned.
  • (Score: 0) by Anonymous Coward on Wednesday May 15 2019, @12:55AM

    by Anonymous Coward on Wednesday May 15 2019, @12:55AM (#843657)

    That explains why it evaded SQLite's extensive testing:

    SQLite is very carefully tested prior to every release and has a reputation for being very reliable. Most of the SQLite source code is devoted purely to testing and verification. An automated test suite runs millions and millions of test cases involving hundreds of millions of individual SQL statements and achieves 100% branch test coverage. SQLite responds gracefully to memory allocation failures and disk I/O errors.

  • (Score: 2) by Freeman on Wednesday May 15 2019, @02:13PM

    by Freeman (732) on Wednesday May 15 2019, @02:13PM (#843824) Journal

    Just 'cause an angel appeared doesn't mean it came from heaven.

    --
    Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"