On 4/17/17, Michael Falconer <michael.j.falco...@gmail.com> wrote:
> These may enlighten a little..........at least it appears to be related?
>
> http://www.cvedetails.com/cve/CVE-2015-6607/
>
> IBM report <http://www-01.ibm.com/support/docview.wss?uid=swg21981270>

Huh. That's not much of a vulnerability.

If an attacker can execute arbitrary SQL (notice that they must already be well inside the system to do this) then they can run a query like this:

    SELECT printf('%1000000000d', 0);

And that query does a malloc for a 1-billion-byte (plus 1) buffer in which to write the result, which might cause problems elsewhere in the system. Or at least that is how I read the bug report.

We added the SQLITE_PRINTF_PRECISION_LIMIT compile-time option here (http://sqlite.org/src/timeline?c=ecad75d69e0d5c83dd35) to deal with that problem for the rare application that gives untrusted users the ability to run unvetted SQL.

--
D. Richard Hipp
d...@sqlite.org
_______________________________________________
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
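An added example, not part of the thread and not SQLite project code: an application that runs unvetted SQL can check whether its linked SQLite build was compiled with SQLITE_PRINTF_PRECISION_LIMIT and, if not, refuse printf() at prepare time with an authorizer callback. The authorizer is a runtime technique swapped in here for builds that lack the compile-time option; the helper names (`printf_precision_limit`, `open_for_untrusted_sql`, `run_untrusted`) are hypothetical, and the sample queries are constructed.

```python
import sqlite3

# format() is the alias of printf() in newer SQLite releases.
BLOCKED_FUNCTIONS = {"printf", "format"}


def printf_precision_limit(conn):
    """Return the build's PRINTF_PRECISION_LIMIT value as text, or None if unset."""
    for (option,) in conn.execute("PRAGMA compile_options"):
        name, _, value = option.partition("=")
        if name == "PRINTF_PRECISION_LIMIT":
            return value
    return None


def _deny_printf(action, arg1, arg2, dbname, source):
    # For SQLITE_FUNCTION callbacks the SQL function name is the second argument.
    if action == sqlite3.SQLITE_FUNCTION and (arg2 or "").lower() in BLOCKED_FUNCTIONS:
        return sqlite3.SQLITE_DENY
    return sqlite3.SQLITE_OK


def open_for_untrusted_sql(path=":memory:", always_block=False):
    """Open a connection; block printf() when the build has no precision limit."""
    conn = sqlite3.connect(path)
    limit = printf_precision_limit(conn)  # read before the authorizer is installed
    if limit is None or always_block:
        conn.set_authorizer(_deny_printf)
    return conn, limit


def run_untrusted(conn, sql):
    """Run one statement; return its rows, or a 'rejected: ...' string on refusal."""
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.DatabaseError as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    conn, limit = open_for_untrusted_sql()
    print("PRINTF_PRECISION_LIMIT:", limit)
    # Constructed queries; the width is kept small so nothing large is allocated.
    for sql in ("SELECT 1 + 1", "SELECT printf('%5d', 0)"):
        print(sql, "->", run_untrusted(conn, sql))
```

The authorizer is consulted when a statement is prepared, so a refused query fails before any result buffer is allocated.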