[Info-vax] SQLite has a critical vulnerability
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Wed Dec 19 14:33:44 EST 2018
On 2018-12-17 00:26:27 +0000, Simon Clubley said:
> For those of you using SQLite be aware it has a critical vulnerability
> which can be remotely exploited in some circumstances:
Per the SQLite lead: "Reports of an RCE vulnerability in SQLite are
greatly exaggerated. Some clever gray-hats found a way to get RCE using
maliciously crafted SQL. So, IF you allow random internet users to run
arbitrary SQL on your system, you should upgrade. Otherwise, you are
not at risk." —
https://twitter.com/DRichardHipp/status/1073779742552350720
[And if you're allowing arbitrary SQL, you might want to revisit that
choice. — Hoff]
--
Pure Personal Opinion | HoffmanLabs LLC
More information about the Info-vax
mailing list