CVE-2022-46908
Public on 2022-12-12
Modified on 2025-04-22
Description
SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.
Severity
Important
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | sqlite | Not Affected | ||
| Amazon Linux 2 - Core | sqlite | Not Affected | ||
| Amazon Linux 2023 | sqlite | 2025-05-07 | ALAS2023-2025-971 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 7.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L |
| NVD | CVSSv3 | 7.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L |