
Full Disclosure mailing list archives
Re: several issues in SQLite (+ catching up on several other bugs)
From: jungle Boogie <jungleboogie0 () gmail com>
Date: Sun, 19 Apr 2015 14:32:11 -0700
On 14 April 2015 at 11:33, Michal Zalewski <lcamtuf () coredump cx> wrote:
> Because of its versatility, SQLite sometimes finds use as the mechanism behind SQL-style query APIs that are exposed between privileged execution contexts and less-trusted code. One example of this is the WebDB / WebSQL mechanism available in some browsers; in this setting, vulnerabilities in the SQLite parser can open up the platform to attacks. Anyway, long story short, I recently reported around 22 bugs in the query parser, including the use of uninitialized memory when parsing collation sequences:

Richard and the team certainly have been busy bees:
https://www.sqlite.org/src/timeline?n=152&y=ci&v=0&ym=2015-04&t=trunk

And all commits by month:
https://www.sqlite.org/src/reports?view=bymonth&type=ci

--
-------
inum: 883510009027723
sip: jungleboogie () sip2sip info
xmpp: jungle-boogie () jit si

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/