SQLite version is before vulnerability CVE-2022-35737 was fixed, details of which are described here.
-
neila commented at 11:51 am on October 26, 2022: none
-
ghost commented at 12:42 pm on October 26, 2022: none
On vulnerable systems, CVE-2022-35737 is exploitable when large string inputs are passed to the SQLite implementations of the printf functions and when the format string contains the %Q, %q, or %w format substitution types. This is enough to cause the program to crash. We also show that if the format string contains the ! special character to enable unicode character scanning, then it is possible to achieve arbitrary code execution in the worst case, or to cause the program to hang and loop (nearly) indefinitely.
%w
is only used at one place for wallet_name: -
sipa commented at 12:46 pm on October 26, 2022: memberWe don’t use
sqlite3_printf
anywhere, so I don’t believe we can be affected. @1440000bytes That “%w” is unrelated, that’s for command substitution, not in a sqlite3_printf format string. -
MarcoFalke closed this on Oct 26, 2022
-
MarcoFalke added the label Wallet on Oct 26, 2022
-
MarcoFalke added the label Questions and Help on Oct 26, 2022
-
fanquake locked this on Oct 28, 2022
Labels
Wallet
Questions and Help
github-metadata-mirror
This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-07-01 10:13 UTC
This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-07-01 10:13 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me
More mirrored repositories can be found on mirror.b10c.me