On 4/17/17, Michael Falconer <[email protected]> wrote:
> These may enlighten a little... at least it appears to be related?
>
> http://www.cvedetails.com/cve/CVE-2015-6607/
>
> IBM report <http://www-01.ibm.com/support/docview.wss?uid=swg21981270>
Huh. That's not much of a vulnerability.
If an attacker can execute arbitrary SQL (notice that they must
already be well inside the system to do this) then they can run a
query like this:
SELECT printf('%1000000000d', 0);
And that query does a malloc for a 1-billion-byte (plus 1) buffer in
which to write the result, which might cause problems elsewhere in the
system. Or at least that is how I read the bug report.
We added the SQLITE_PRINTF_PRECISION_LIMIT compile-time option here
(http://sqlite.org/src/timeline?c=ecad75d69e0d5c83dd35) to deal with
that problem for the rare application that gives untrusted users the
ability to run unvetted SQL.
--
D. Richard Hipp
[email protected]
_______________________________________________
sqlite-users mailing list
[email protected]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
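Added example, not code from the thread or from the SQLite project: an application that must run untrusted SQL through Python's sqlite3 module can refuse the printf() family at prepare time with SQLite's authorizer hook, as a runtime alternative to rebuilding with SQLITE_PRINTF_PRECISION_LIMIT. The denylist names are assumptions (format() is the newer alias of printf()); the query that is refused is the one quoted above.

```python
import sqlite3

# Built-ins whose allocation size is set by an attacker-chosen width or
# precision in the format string.  Assumed denylist; 'format' is the alias
# of 'printf' added in later SQLite releases and is harmless to list on
# builds that lack it.
DENIED_FUNCTIONS = {"printf", "format"}


def _authorizer(action, arg1, arg2, dbname, source):
    # For SQLITE_FUNCTION, SQLite passes the function name as arg2.
    if action == sqlite3.SQLITE_FUNCTION and (arg2 or "").lower() in DENIED_FUNCTIONS:
        return sqlite3.SQLITE_DENY
    return sqlite3.SQLITE_OK


def open_restricted(path=":memory:"):
    """Open a connection whose statements are vetted by the authorizer."""
    conn = sqlite3.connect(path)
    conn.set_authorizer(_authorizer)
    return conn


def run_untrusted(conn, sql):
    """Run caller-supplied SQL; denial surfaces as a DatabaseError at
    prepare time, before the statement allocates anything."""
    try:
        return "ok", conn.execute(sql).fetchall()
    except sqlite3.DatabaseError as exc:
        return "denied", str(exc)


if __name__ == "__main__":
    db = open_restricted()
    # The 1 GB allocation from the thread is refused before it runs.
    print(run_untrusted(db, "SELECT printf('%1000000000d', 0)"))
    # Ordinary queries are unaffected.
    print(run_untrusted(db, "SELECT 1 + 1"))
```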