Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Remote Code Execution Vulnerability Impacts SQLite

A use-after-free vulnerability in SQLite could be exploited by an attacker to remotely execute code on a vulnerable machine, Cisco Talos security researchers have discovered. 

A use-after-free vulnerability in SQLite could be exploited by an attacker to remotely execute code on a vulnerable machine, Cisco Talos security researchers have discovered. 

Tracked as CVE-2019-5018 and featuring a CVSS score of 8.1, the vulnerability resides in the window function functionality of Sqlite3 3.26.0 and 3.27.0.

To trigger the flaw, an attacker would need to send a specially crafted SQL command to the victim, which could allow them to execute code remotely. 

The popular SQLite library, a client-side database management system, is widely used in mobile devices, browsers, hardware devices, and user applications, Talos notes

SQLite implements the Window Functions feature of SQL, allowing queries over a subset, or “window,” of rows, and the newly revealed vulnerability was found in the “window” function. 

The security researchers discovered that, after the parsing of a SELECT statement that contains a window function, in certain conditions, the expression-list held by the SELECT object is rewritten and the master window object is used during the process. 

When processing an aggregate function and after it is appended to the expression list, the expression is deleted. During deletion, if the expression is marked as a Window Function, the associated Window object and partition for the Window are deleted as well.

The deleted partition is reused after the rewrite of the expression list, which causes a use-after-free vulnerability that leads to a denial of service. However, if the attacker could control the memory after the free, they can corrupt more data and potentially execute code. 

Advertisement. Scroll to continue reading.

“Talos tested and confirmed that versions 3.26.0 and 3.27.0 of SQLite are affected by this vulnerability,” the researchers note. 

The security researchers, who published proof-of-concept code, reported the vulnerability to the vendor in early February. An update to patch the issue had been released weeks before the advisory was made public. 

Related: Code Execution Flaw in SQLite Affects Chrome, Other Software

Related: JavaScript Library Introduced XSS Flaw in Google Search

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.