PT-2023-4867 · Unknown · Sqlite-Jdbc

4390C336 · Published 2023-05-23 · Updated 2023-11-10 · CVE-2023-32697

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

sqlite-jdbc versions 3.6.14.1 through 3.41.2.1

Description

The issue is a remote code execution vulnerability in the SQLite JDBC library that is triggered via the JDBC URL and can be exploited by a remote attacker to execute arbitrary code. It is caused by improper control of code generation (code injection) in the library.

Recommendations

For versions 3.6.14.1 through 3.41.2.1, update to version 3.41.2.2 to resolve the issue. As a temporary workaround, consider restricting access to the JDBC URL to minimize the risk of exploitation.

Exploit

Fix

Code Injection

Weakness Enumeration

Related Identifiers

BDU:2023-05354
CVE-2023-32697
GHSA-6PHF-6H5G-97J2
OESA-2023-1792

Affected Products

Sqlite-Jdbc