Re: [FD] several issues in SQLite (+ catching up on several other bugs)

Michal Zalewski wrote: > ... > Because of its versatility, SQLite sometimes finds use as the > mechanism behind SQL-style query APIs that are exposed between > privileged execution contexts and less-trusted code. One example of > this is the WebDB / WebSQL mechanism available in some browsers; in > this setting, vulnerabilities in the SQLite parser can open up the > platform to attacks. > > Anyway, long story short, I recently reported around 22 bugs in the > query parser, including the use of uninitialized memory when parsing > collation sequences: ... thanks for this work, and this report. if anyone has a pointy-haired-boss who wonders about the impact of this disclosure, i offer: http://ift.tt/1C3z8Cs



Source: Gmail -> IFTTT-> Blogger