CVE-2022-46908

Name: CVE-2022-46908
Description: SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.
NVD Severity: medium

References

| Type | URI |
|------|-----|
| MISC | https://sqlite.org/src/info/cefc032473ac5ad2 |
| MISC | https://sqlite.org/forum/forumpost/07beac8056151b2f |
| MISC | https://news.ycombinator.com/item?id=33948588 |

Match rules

| CPE URI | Source package | Min version | Max version |
|---------|----------------|-------------|-------------|
| cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:* | sqlite | >= None | <= 3.40.0 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
|----------------|--------|---------|------------|--------|
| sqlite | 3.16-main | 3.38.5-r0 | Carlo Landmeter <clandmeter@alpinelinux.org> | possibly vulnerable |
| sqlite | 3.15-main | 3.36.0-r0 | Carlo Landmeter <clandmeter@alpinelinux.org> | possibly vulnerable |
| sqlite | 3.14-main | 3.35.5-r0 | Carlo Landmeter <clandmeter@alpinelinux.org> | possibly vulnerable |