Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Remote Code Execution Vulnerability Impacts SQLite

A use-after-free vulnerability in SQLite could be exploited by an attacker to remotely execute code on a vulnerable machine, Cisco Talos security researchers have discovered. 

A use-after-free vulnerability in SQLite could be exploited by an attacker to remotely execute code on a vulnerable machine, Cisco Talos security researchers have discovered. 

Tracked as CVE-2019-5018 and featuring a CVSS score of 8.1, the vulnerability resides in the window function functionality of Sqlite3 3.26.0 and 3.27.0.

To trigger the flaw, an attacker would need to send a specially crafted SQL command to the victim, which could allow them to execute code remotely. 

The popular SQLite library, a client-side database management system, is widely used in mobile devices, browsers, hardware devices, and user applications, Talos notes

SQLite implements the Window Functions feature of SQL, allowing queries over a subset, or “window,” of rows, and the newly revealed vulnerability was found in the “window” function. 

The security researchers discovered that, after the parsing of a SELECT statement that contains a window function, in certain conditions, the expression-list held by the SELECT object is rewritten and the master window object is used during the process. 

Advertisement. Scroll to continue reading.

When processing an aggregate function and after it is appended to the expression list, the expression is deleted. During deletion, if the expression is marked as a Window Function, the associated Window object and partition for the Window are deleted as well.

The deleted partition is reused after the rewrite of the expression list, which causes a use-after-free vulnerability that leads to a denial of service. However, if the attacker could control the memory after the free, they can corrupt more data and potentially execute code. 

“Talos tested and confirmed that versions 3.26.0 and 3.27.0 of SQLite are affected by this vulnerability,” the researchers note. 

The security researchers, who published proof-of-concept code, reported the vulnerability to the vendor in early February. An update to patch the issue had been released weeks before the advisory was made public. 

Related: Code Execution Flaw in SQLite Affects Chrome, Other Software

Related: JavaScript Library Introduced XSS Flaw in Google Search

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

BlueVoyant has appointed Ravi Subramanian as CFO and Jamie Coleman as CCO.

Solana Foundation has appointed Michael Coates as Chief Information Security Officer.

Michael Sikorski has joined Coinbase as Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.