CVE-2022-46908

Published: 12/12/2022 Updated: 24/11/2023
CVSS v3 Base Score: 7.3 | Impact Score: 5.5 | Exploitability Score: 1.8
VMScore: 0

Vulnerability Summary

SQLite up to and including 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.

Vulnerable Product

sqlite sqlite

Vendor Advisories

Debian Bug report logs - #1026293
sqlite3: CVE-2022-46908
Package: src:sqlite3; Maintainer for src:sqlite3 is Laszlo Boszormenyi (GCS) <gcs@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 17 Dec 2022 20:42:01 UTC
Severity: important
Tags: security, upstream
Found in version sqlite3/340 ...

Description: The MITRE CVE dictionary describes this issue as: SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE ...