SQLite Forum

Timeline
Login

3 forum posts by user jan.nijtmans

2021-07-06
08:45 Reply: A format string vulnerability in tool used to help build SQLite's TCL extension on Windows (artifact: d295bc5cfe user: jan.nijtmans)

This CVE now has the status DISPUTED, we all know why ....

2021-07-01
06:41 Reply: A stack overflow vulnerability in SQLite nmakehelp.c allows arbitrary code execution via a crated file (artifact: 5a5001f20a user: jan.nijtmans)

There's a new version of nmakehlp.c now, which eliminates the (potential) problem: https://core.tcl-lang.org/tcl/artifact/b01f822eabbe1ed2

06:36 Reply: A format string vulnerability in tool used to help build SQLite's TCL extension on Windows (artifact: fc70fe7ef4 user: jan.nijtmans)

This has been assigned a CVE number: CVE-2021-35331

It's fixed in this commit: https://core.tcl-lang.org/tcl/info/28ef6c0c741408a2

And also updated in sampleextension: https://core.tcl-lang.org/sampleextension/info/53d84c7fb2b6d2da