Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-109664

CVE-2022-46908 in sqlite plugin

    XMLWordPrintable

Details

    • Bug
    • Resolution: Out of scope
    • P1: Critical
    • None
    • 6.4.1
    • Core: Plugins, sqlite
    • None
    • Linux/X11, Windows

    Description

      CVE-2022-46908 reported for sqlite plugin:

      SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.
       

      Attachments

        Activity

          People

            thiago Thiago Macieira
            gjunker Gregory Junker
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: