Reply to post: Re: Stop using C

Another remote-code execution hole in top database engine SQLite: How it works, and why not to totally freak out

yoganmahew

Re: Stop using C

In other news...

"It, realistically, requires the combination of an SQL injection flaw with this latest engine bug to do scary damage."

That's the typical MO to exploit a bug, according to Mr. Gibson. There are plenty of partially patched systems and regular findings of squilly injection flaws - https://www.theregister.co.uk/2018/12/18/sqlite_vulnerability/

So if you only upgraded to 3.26.0 or not much newer to fix December's injection flaw, you're now vulnerable to both flaws being used as a pair.

Biting the hand that feeds IT © 1998–2019