Talos security researchers discovered a Use After Free vulnerability in SQLite, allows attackers to send malicious SQL commands to trigger the vulnerability.
The free vulnerability exists in the window function functionality of Sqlite3; the flaw can be tracked as CVE-2019-5018; it affects SQLite 3.26.0, 3.27.0 and receives 8.1 – CVSS:3.0 score.
SQLite is a favorite library used in implementing SQL database engine; it is used extensively in a number of devices including mobile devices, browsers, hardware devices, and user applications.
“SQLite implements the Window Functions feature of SQL which allows queries over a subset, or “window,” of rows. After parsing a SELECT statement that contains a window function, the SELECT statement is transformed using the sqlite3WindowRewrite function.”
The master objected retriwed from the SELECt objects and rewrites for easier processing. Researchers discovered that during deletion of expression, “if the expression is marked as a Window Function, the associated Window object is deleted as well.”
While deletion of windows, it’s associated partition of the window also get deleted, “After this partition is deleted, it is then reused in exprListAppendList [5], causing a use after free vulnerability, resulting in a denial of service,” reads vulnerability report.
“If an attacker can control this memory after the free, there is an opportunity to corrupt more data, potentially leading to code execution.”
Vulnerability Disclosure Timeline
2019-02-05 – Vendor Disclosure
2019-03-07 – 30 day follow up with vendor; awaiting moderator approval
2019-03-28 – Vendor patched
2019-05-09 – Public Release
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.
Critical SQLite Bug Affected all Modern Operating Systems and Software
phpMyAdmin 4.8.5 Released with Fixes for SQL injection and Arbitrary File Read Vulnerability
A groundbreaking technique for Kerberos relaying over HTTP, leveraging multicast poisoning, has been recently detailed…
Since mid-2024, cybersecurity researchers have been monitoring a sophisticated Android malware campaign dubbed "Tria Stealer,"…
Proton, the globally recognized provider of privacy-focused services such as Proton VPN and Proton Pass,…
The cybersecurity landscape faces increasing challenges as Arcus Media ransomware emerges as a highly sophisticated…
Proofpoint researchers have identified a marked increase in phishing campaigns and malicious domain registrations designed…
A recent investigation by Unit 42 of Palo Alto Networks has uncovered a sophisticated, state-sponsored…