[Info-vax] Flaw in SQLite: CVE-2022-35737
John Dallman
jgd at cix.co.uk
Sun Oct 30 14:14:00 EDT 2022
In article <193501bd-d3a4-4f9a-b05d-3fc7179cc9c4n at googlegroups.com>,
osuvman50 at gmail.com (David Jones) wrote:
> Note that the bug only applies if the application can generate a
> buffer larger than 2^31 bytes as a printf argument, meaning it's
> practically not exploitable for 32-bit builds.

Quite a lot of software has dropped its 32-bit builds, and nobody would
want to have different versions of SQLite between their 32- and 64-bit
builds. In the Linux and Windows worlds, there isn't all that much
software left that's 32-bit-only. It's extinct on iOS and macOS, with
Android heading that way quite fast.

I checked on one of work's products that I remembered used SQLite, and
was pleased to discover it had been removed two years ago.

John