As reported just lately, a researcher has discovered a critical safety flaw in SQLite. Exploiting this flaw might permit for an attacker to execute distant code on a goal system. Fortuitously distributors have now patched this SQLite vulnerability.
SQLite Vulnerability Permitting RCE
Researcher Cory Duplantis from Cisco Talos discovered a critical safety vulnerability in SQLite. Upon exploit, the flaw might permit a possible attacker to execute distant codes on the goal gadget.
Describing this SQLite vulnerability of their advisory, Cisco Talos acknowledged,
A specifically crafted SQL command may cause a use after free vulnerability, doubtlessly leading to distant code execution.
As reported, the vulnerability existed within the window operate performance of SQLite3 3.26.0. A possible attacker might simply set off this flaw just by sending maliciously crafted SQL command.
An attacker can ship a malicious SQL command to set off this vulnerability.
After the use after free vulnerability appeared, the attacker might then acquire entry to the affected system, corrupt information, and execute codes remotely.
The vulnerability has obtained the CVE quantity CVE-2019-5018, with a CVSS rating of 8.1. The technical particulars concerning the existence and exploitation of this vulnerability can be found within the advisory.
Vendor Patched The Flaw
Based on the timeline talked about within the advisory, the seller disclosure of this vulnerability befell on February 5, 2019. The researcher examined SQLite variations 3.26.Zero and three.27.0.
The distributors subsequently patched the flaw with the discharge of the model 3.28.0.
SQLite is a SQL database engine implementation library that powers most browsers, {hardware} units, cellular units, and person apps. It’s a quick, small, and reliable database resolution.
Do share with us your ideas within the remark part.
