Overview
Comment: Mention the CVE-2022-38627 bug in Linear eMerge E3 - that it is not a bug in SQLite.
SHA3-256: 36ae56152f9b94cee5bc13b656d13d79
User & Date: drh 2023-01-02 12:13:01.920
Context
2023-01-04
16:14 | Update the Expensify logo on the homepage to the latest version of their official logo. (check-in: 1b31b16a2d user: drh tags: branch-3.40)
2023-01-02
13:47 | Cherry-pick branch-3.40 changes (and fix internal links therein.) (Leaf check-in: 139fb64868 user: larrybr tags: docgen_tweaks)
12:13 | Mention the CVE-2022-38627 bug in Linear eMerge E3 - that it is not a bug in SQLite. (check-in: 36ae56152f user: drh tags: branch-3.40)
2022-12-28
14:21 | Fix the chronology for the 3.40.1 release. (check-in: b802cae15f user: drh tags: branch-3.40)
Changes
Changes to pages/cves.in.
︙ | ︙ | |||
271 272 273 274 275 276 277 278 279 280 281 282 283 284 | CVE 2022-46908 not-in-core { This is a bug in the --safe command-line option of the [command-line shell] program that is available for accessing SQLite database files. The bug does not exist in the SQLite library. Nor is it an issue for the [CLI] as long as the user does not depend on the --safe option. It is not serious. It is debatable whether or not this is a security issue. } CVE 2022-35737 3.39.2 { This bug is an array-bounds overflow. The bug is only accessible when using some of the C-language APIs provided by SQLite. The bug cannot be reached using SQL nor can it be reached by providing SQLite with a corrupt database file. The bug only comes up when very long string inputs (greater than 2 billion bytes in length) are provided as arguments to a few specific C-language interfaces, and even then only under special circumstances. | > > > > > > > | 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 | CVE 2022-46908 not-in-core { This is a bug in the --safe command-line option of the [command-line shell] program that is available for accessing SQLite database files. The bug does not exist in the SQLite library. Nor is it an issue for the [CLI] as long as the user does not depend on the --safe option. It is not serious. It is debatable whether or not this is a security issue. } CVE 2022-38627 not-a-bug { This is not a bug in SQLite. This is an [https://en.wikipedia.org/wiki/SQL_injection|SQL injection bug] in a specific PHP application. In other words, the bug is in the PHP application code, not in SQLite. Even though this CVE is not about SQLite, "SQLite" is mentioned in the publicity about the bug and so we list it here. } CVE 2022-35737 3.39.2 { This bug is an array-bounds overflow. The bug is only accessible when using some of the C-language APIs provided by SQLite. 
The bug cannot be reached using SQL nor can it be reached by providing SQLite with a corrupt database file. The bug only comes up when very long string inputs (greater than 2 billion bytes in length) are provided as arguments to a few specific C-language interfaces, and even then only under special circumstances. |
︙ | ︙ |
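Review bot: In the new CVE 2022-38627 entry, the phrase "a specific PHP application" leaves the affected product unnamed, although the check-in comment identifies it as Linear eMerge E3. Naming the product in the entry text would let a reader who arrives from the CVE publicity confirm they are looking at the right item, and would make the entry findable by product name. Separately, the status field here is "not-a-bug", while the neighbouring entries visible in this hunk use "not-in-core" and a version number (3.39.2); it is worth confirming that the page generator recognizes the new value and renders it as intended.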