Vulnerability Management, Threat Management

SQLite database library impacted by high-severity bug

Share

Popular database library SQLite has been found to be impacted by a high-severity flaw stemming from a code modification from 22 years ago, according to The Hacker News. Threat actors could exploit the vulnerability, tracked as CVE-2022-35737, on 64-bit systems to compromise programs, a report from Trail of Bits showed. "Arbitrary code execution is confirmed when the library is compiled without stack canaries, but unconfirmed when stack canaries are present, and denial-of-service is confirmed in all cases," said researcher Andreas Kellas. However, the flaw could only be successfully leveraged through a string with the %Q, %q, or %w format substitution types. "If the format string contains the '!' special character to enable unicode character scanning, then it is possible to achieve arbitrary code execution in the worst case, or to cause the program to hang and loop (nearly) indefinitely," added Kellas. SQLite has already addressed the flaw in version 3.39.2 of the library issued in July.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.