On 4/17/17, Michael Falconer <michael.j.falco...@gmail.com> wrote:
> These may enlighten a little..........at least it appears to be related?
>
>  http://www.cvedetails.com/cve/CVE-2015-6607/
>
> IBM report <http://www-01.ibm.com/support/docview.wss?uid=swg21981270>

Huh.  That's not much of a vulnerability.

If an attacker can execute arbitrary SQL (notice that they must
already be well inside the system to do this) then they can run a
query like this:

     SELECT printf('%1000000000d', 0);

And that query does a malloc for a 1-billion-byte (plus 1) buffer in
which to write the result, which might cause problems elsewhere in the
system.  Or at least that is how I read the bug report.

We added the SQLITE_PRINTF_PRECISION_LIMIT compile-time option here
(http://sqlite.org/src/timeline?c=ecad75d69e0d5c83dd35) to deal with
that problem for the rare application that gives untrusted users the
ability to run unvetted SQL.
-- 
D. Richard Hipp
d...@sqlite.org
_______________________________________________
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
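
For an application that does let untrusted users run unvetted SQL, the sketch below is an added example (not from the original message or the SQLite project). It reports whether the linked SQLite build advertises SQLITE_PRINTF_PRECISION_LIMIT and, as a runtime fallback, uses the authorizer hook in Python's sqlite3 module to refuse printf() before the statement is ever run. The helper names, the decision to block the function outright, and the assumption that the option shows up in PRAGMA compile_options as PRINTF_PRECISION_LIMIT=N belong to this example.

```python
import sqlite3

# SQL functions refused for untrusted statements (this example's choice).
# format() is the newer name for printf() in recent SQLite releases.
BLOCKED_FUNCS = {"printf", "format"}

def precision_limit(conn):
    """Return the PRINTF_PRECISION_LIMIT the linked build reports, or None.

    Assumes the option appears in PRAGMA compile_options without the
    SQLITE_ prefix, as other compile-time options do.
    """
    for (opt,) in conn.execute("PRAGMA compile_options"):
        if opt.startswith("PRINTF_PRECISION_LIMIT="):
            return int(opt.split("=", 1)[1])
    return None

def _authorizer(action, arg1, arg2, dbname, source):
    # For SQLITE_FUNCTION the function name arrives in the second argument.
    if action == sqlite3.SQLITE_FUNCTION and (arg2 or "").lower() in BLOCKED_FUNCS:
        return sqlite3.SQLITE_DENY
    return sqlite3.SQLITE_OK

def open_untrusted(path=":memory:"):
    """Open a connection whose statements are vetted by the authorizer."""
    conn = sqlite3.connect(path)
    conn.set_authorizer(_authorizer)
    return conn

def run_untrusted(conn, sql):
    """Run one statement; return ('ok', rows) or ('rejected', reason)."""
    try:
        return ("ok", conn.execute(sql).fetchall())
    except sqlite3.DatabaseError as exc:
        # Denial happens while the statement is compiled, so the large
        # result buffer is never requested.
        return ("rejected", str(exc))

if __name__ == "__main__":
    conn = open_untrusted()
    print("PRINTF_PRECISION_LIMIT:", precision_limit(conn))
    # Constructed inputs: the query from the message above, then a harmless one.
    for sql in ("SELECT printf('%1000000000d', 0);", "SELECT 1 + 1;"):
        print(sql, "->", run_untrusted(conn, sql))
```

A build compiled with the limit still allows ordinary printf() use, so the authorizer is only needed where the library cannot be rebuilt.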
