U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Experts found a remote-code execution flaw in SQLite

Researchers at Cisco Talos discovered an use-after-free() vulnerability in SQLite that could be exploited by an attacker to remotely execute code on an affected device. Cisco Talos experts discovered an use-after-free() flaw in SQLite that could be exploited by an attacker to remotely execute code on an affected device. An attacker can trigger the flaw by sending […]

SQLite

Researchers at Cisco Talos discovered an use-after-free() vulnerability in SQLite that could be exploited by an attacker to remotely execute code on an affected device.

Cisco Talos experts discovered an use-after-free() flaw in
SQLite that could be exploited by an attacker to remotely execute code on an affected device. An attacker can trigger the flaw by sending a malicious SQL command to the vulnerable installs.

“An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution.” reads the analysis published by Cisco Talos. “An attacker can send a malicious SQL command to trigger this vulnerability.”

The flaw, tracked as CVE-2019-5018 affects SQLite 3.26.0, 3.27.0 and received CVSS 3.0 score 8.1.

SQLite is a C-language library that implements a small, fast, self-contained, high-reliability, full-featured, SQL database engine. SQLite is considered the most used database engine in the world, it is built into mobile phones and most computers and is used in countless other applications.

SQLite

SQLite implements the Window Functions feature of SQL, after parsing a SELECT statement containing a window function, the SELECT statement is transformed using the sqlite3WindowRewrite function.

Experts discovered that the process implemented by SQLite to handle the functions includes reusing a deleted partition.

“Looking back at the original sqlite3WindowRewrite function, this deleted partition is reused after the rewrite of the expression list ” continues the analysis.

“After this partition is deleted, it is then reused in exprListAppendList [5], causing a use after free vulnerability, resulting in a denial of service. If an attacker can control this memory after the free, there is an opportunity to corrupt more data, potentially leading to code execution.”

Talos published technical details of the vulnerability that was addressed with the released of SQLite version 3.28,

Timeline for the vulnerability is:

2019-02-05 – Vendor Disclosure
2019-03-07 – 30 day follow up with vendor; awaiting moderator approval
2019-03-28 – Vendor patched
2019-05-09 – Public Release

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – SQLite, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]