[Info-vax] Flaw in SQLite: CVE-2022-35737
Neil Rieck
n.rieck at bell.net
Mon Oct 31 06:23:07 EDT 2022
On Sunday, October 30, 2022 at 9:12:07 PM UTC-4, osuv... at gmail.com wrote:
> On Sunday, October 30, 2022 at 5:57:49 PM UTC-4, Craig A. Berry wrote:
> > I don't know what the pointer sizes are on the builds of SQLite for VMS,
> > but even with 64-bit pointers I'm pretty sure the size of a single
> > object is limited to 2GB on VMS. It would take some work to figure out
> > whether that in itself defeats the exploit or just creates a different
> > failure pattern.
> The default VMS build is 32-bit but you do have the option to build 64-bit
> versions of the images and libraries. The alternate versions have "64" appended
> to the file name or type (e.g. sqlite3shr64.exe, sqlite3.olb64) so can co-exist
> with the regular build.
Not sure how much of the OpenVMS ecosystem is exposed to SQLite (I suspect it is very tiny) but SQLite exists almost everywhere else in the computer world including Linux, smart TVs, and smart phones (Android is a stripped-down version of Linux) to only name three. In fact, anyone who has ever worked with the dynamic duo of yum and rpm on Linux will know that SQLite is at their center where it keeps track of dependencies during an upgrade.
Neil Rieck
Waterloo, Ontario, Canada.
http://neilrieck.net