Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-46908

Опубликовано: 12 дек. 2022
Источник: redhat
CVSS3: 7.3
EPSS Низкий

Описание

SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.

A flaw was found in the SQLite package. SQLite could allow a local attacker to bypass security restrictions caused by an issue when relying on --safe for the execution of an untrusted CLI script, potentially leading to arbitrary file read/write.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6sqliteNot affected
Red Hat Enterprise Linux 7sqliteNot affected
Red Hat Enterprise Linux 8sqliteNot affected
Red Hat Enterprise Linux 9sqliteNot affected

Показывать по

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-89
https://bugzilla.redhat.com/show_bug.cgi?id=2152844sqlite: safe mode authorizer callback allows disallowed UDFs

EPSS

Процентиль: 26%
0.00088
Низкий

7.3 High

CVSS3

Связанные уязвимости

CVSS3: 7.3
ubuntu
больше 2 лет назад

SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.

CVSS3: 7.3
nvd
больше 2 лет назад

SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.

CVSS3: 7.3
msrc
больше 2 лет назад

Описание отсутствует

CVSS3: 7.3
debian
больше 2 лет назад

SQLite through 3.40.0, when relying on --safe for execution of an untr ...

suse-cvrf
около 2 лет назад

Security update for sqlite3

EPSS

Процентиль: 26%
0.00088
Низкий

7.3 High

CVSS3