Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2022-46908

SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.

Related bugs and status

CVE-2022-46908 (Candidate) is related to these bugs:

Bug #2029379: [MIR] promote libdbd-sqlite3-perl (libmail-dmarc-perl dependency)

Summary				In	Importance	Status
	2029379	[MIR] promote libdbd-sqlite3-perl (libmail-dmarc-perl dependency)		libdbd-sqlite3-perl (Ubuntu)	Undecided	In Progress

See the

CVE page on Mitre.org for more details.

References

MISC: https://news.ycombinat...
MISC: https://sqlite.org/for...
MISC: https://sqlite.org/src...
CONFIRM: https://security.netap...
GENTOO: GLSA-202311-03