[Info-vax] Flaw in SQLite: CVE-2022-35737

John Dallman jgd at cix.co.uk
Sun Oct 30 14:14:00 EDT 2022


In article <193501bd-d3a4-4f9a-b05d-3fc7179cc9c4n at googlegroups.com>,
osuvman50 at gmail.com (David Jones) wrote:

> Note that the bug only applies if the application can generate a 
> buffer larger than 2^31 bytes as a printf argument, meaning it's
> practically not exploitable for 32-bit builds.

Quite a lot of software has dropped its 32-bit builds, and nobody would
want to have different versions of SQLite between their 32- and 64-bit
builds. In the Linux and Windows worlds, there isn't all that much
software left that's 32-bit-only. It's extinct on iOS and macOS, with
Android heading that way quite fast. 

I checked on one of work's products that I remembered used SQLite, and
was pleased to discover it was removed two years ago.

John 


