[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [FD] several issues in SQLite (+ catching up on several other bugs)
- To: Michal Zalewski <lcamtuf@xxxxxxxxxxx>
- Subject: Re: [FD] several issues in SQLite (+ catching up on several other bugs)
- From: jungle Boogie <jungleboogie0@xxxxxxxxx>
- Date: Sun, 19 Apr 2015 14:32:11 -0700
On 14 April 2015 at 11:33, Michal Zalewski <lcamtuf@xxxxxxxxxxx> wrote:
> Because of its versatility, SQLite sometimes finds use as the
> mechanism behind SQL-style query APIs that are exposed between
> privileged execution contexts and less-trusted code. One example of
> this is the WebDB / WebSQL mechanism available in some browsers; in
> this setting, vulnerabilities in the SQLite parser can open up the
> platform to attacks.
>
> Anyway, long story short, I recently reported around 22 bugs in the
> query parser, including the use of uninitialized memory when parsing
> collation sequences:
Richard and the team certainly have been busy bees:
https://www.sqlite.org/src/timeline?n=152&y=ci&v=0&ym=2015-04&t=trunk
And all commits by month:
https://www.sqlite.org/src/reports?view=bymonth&type=ci
--
-------
inum: 883510009027723
sip: jungleboogie@xxxxxxxxxxxx
xmpp: jungle-boogie@xxxxxx
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/