[Info-vax] SQLite has a critical vulnerability
osuvman50 at gmail.com
osuvman50 at gmail.com
Mon Dec 17 11:26:37 EST 2018
Inspection of the crash example linked to by the article points to a problem in the fts3 (full text search) virtual table module. The module exposes the index B-tree data as a table that can be updated by the application.
I can make sqlite3 segment fault on a Linux system by manually entering the commands in the test HTML. My SQLite port never enabled that module, FWIW.
More information about the Info-vax
mailing list