You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Recently I have been studying OSS vulnerabilities and their existence in downstream projects. While reviewing CVEs in sqlite3, I noticed that comdb2 integrates sqlite in source form, and the sources lacked constant merging of upstream security patches.
** Scanned unfixed vulnerabilities **
Here is a list of vulnerabilities found with our tool and rules. Each item denotes the missing patch (upstream git commit fixing the defect) and the code context (function and location) in comdb2.
ebd70eedd5d6e6a890a670b5ee874a5eae86b4dd/sqlite3Pragma-autogen.bqrs
| func | col1 | col2 |
+---------------+---------------------------------------------------------------------------+---------------------------+
| sqlite3Pragma | function relativepath is /opt/exp/sqlite-forks/comdb2/sqlite/src/pragma.c | function startline is 329 |
a6c1a71cde082e09750465d5675699062922e387/selectExpander-autogen.bqrs
| func | col1 | col2 |
+----------------+---------------------------------------------------------------------------+----------------------------+
| selectExpander | function relativepath is /opt/exp/sqlite-forks/comdb2/sqlite/src/select.c | function startline is 4956 |
8428b3b437569338a9d1e10c4cd8154acbe33089/multiSelect-autogen.bqrs
| func | col1 | col2 |
+-------------+---------------------------------------------------------------------------+----------------------------+
| multiSelect | function relativepath is /opt/exp/sqlite-forks/comdb2/sqlite/src/select.c | function startline is 2591 |
926f796e8feec15f3836aa0a060ed906f8ae04d3/sqlite3CreateColumnExpr-autogen.bqrs
| func | col1 | col2 |
+-------------------------+----------------------------------------------------------------------------+---------------------------+
| sqlite3CreateColumnExpr | function relativepath is /opt/exp/sqlite-forks/comdb2/sqlite/src/resolve.c | function startline is 618 |
0934d640456bb168a8888ae388643c5160afe501/sqlite3ExprCodeTarget-autogen.bqrs
| func | col1 | col2 |
+-----------------------+-------------------------------------------------------------------------+----------------------------+
| sqlite3ExprCodeTarget | function relativepath is /opt/exp/sqlite-forks/comdb2/sqlite/src/expr.c | function startline is 3557 |
38096961c7cd109110ac21d3ed7dad7e0cb0ae06/sqlite3CreateView-autogen.bqrs
| func | col1 | col2 |
+-------------------+--------------------------------------------------------------------------+----------------------------+
| sqlite3CreateView | function relativepath is /opt/exp/sqlite-forks/comdb2/sqlite/src/build.c | function startline is 2737 |
e59c562b3f6894f84c715772c4b116d7b5c01348/sqlite3Select-autogen.bqrs
| func | col1 | col2 |
+---------------+---------------------------------------------------------------------------+----------------------------+
| sqlite3Select | function relativepath is /opt/exp/sqlite-forks/comdb2/sqlite/src/select.c | function startline is 5752 |
522ebfa7cee96fb325a22ea3a2464a63485886a8/lookupName-autogen.bqrs
| func | col1 | col2 |
+------------+----------------------------------------------------------------------------+---------------------------+
| lookupName | function relativepath is /opt/exp/sqlite-forks/comdb2/sqlite/src/resolve.c | function startline is 185 |
1e9c47be1e81e94a67f788c98fd70e8bf70e3746/sqlite3EndTable-autogen.bqrs
| func | col1 | col2 |
+-----------------+--------------------------------------------------------------------------+----------------------------+
| sqlite3EndTable | function relativepath is /opt/exp/sqlite-forks/comdb2/sqlite/src/build.c | function startline is 2428 |
396afe6f6aa90a31303c183e11b2b2d4b7956b35/flattenSubquery-autogen.bqrs
| func | col1 | col2 |
+-----------------+---------------------------------------------------------------------------+----------------------------+
| flattenSubquery | function relativepath is /opt/exp/sqlite-forks/comdb2/sqlite/src/select.c | function startline is 3754 |
** Notice **
I'm not quite familiar with comdb2 and its way using sqlite. It remains to be judged whether and how these vulnerabilities of sqlite module are exploitable.
The text was updated successfully, but these errors were encountered:
Recently I have been studying OSS vulnerabilities and their existence in downstream projects. While reviewing CVEs in sqlite3, I noticed that comdb2 integrates sqlite in source form, and the sources lacked constant merging of upstream security patches.
** Scanned unfixed vulnerabilities **
Here is a list of vulnerabilities found with our tool and rules. Each item denotes the missing patch (upstream git commit fixing the defect) and the code context (function and location) in comdb2.
** Notice **
I'm not quite familiar with comdb2 and its way using sqlite. It remains to be judged whether and how these vulnerabilities of sqlite module are exploitable.
The text was updated successfully, but these errors were encountered: