Remote Code Execution Bug in SQLite

upnorth

SQLite contains an exploitable use-after-free vulnerability that could allow an attacker to gain the ability to remotely execute code on the victim machine.

SQLite is a client-side database management system contained in a C programming library. SQLite implements the Window Functions feature of SQL, which allows queries over a subset, or “window,” of rows. This specific vulnerability lies in that “window” function. An exploitable use-after-free vulnerability exists in the window function of SQLite3 3.26.0. A specially crafted SQL command can cause a use-after-free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this vulnerability. Read the complete vulnerability advisory here for additional information.

Talos tested and confirmed that versions 3.26.0 and 3.27.0 of SQLite are affected by this vulnerability.
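An added inventory check (not code from the post or from the Talos advisory) that reports whether the SQLite library linked into the local Python build is one of the two versions named above and whether window-function support is compiled in; the `OMIT_WINDOWFUNC` compile option name and the probe query are assumptions of this example, the affected-version list comes from the post.

```python
# Added example: report the linked SQLite version against the versions the
# advisory names, and whether window functions (where the bug lives) are built in.
import sqlite3

# Versions the post reports Talos tested and confirmed as affected.
AFFECTED_VERSIONS = {(3, 26, 0), (3, 27, 0)}


def parse_version(version: str) -> tuple:
    """Turn '3.26.0' into (3, 26, 0); missing components count as 0."""
    parts = [int(p) for p in version.strip().split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_confirmed_affected(version: str) -> bool:
    """True only for versions the advisory lists; others are simply not confirmed."""
    return parse_version(version) in AFFECTED_VERSIONS


def window_functions_available(conn: sqlite3.Connection) -> bool:
    """Window support is compiled out with SQLITE_OMIT_WINDOWFUNC (assumed name,
    reported by PRAGMA without the SQLITE_ prefix); as a second signal, try a
    harmless window query and see whether the parser accepts it."""
    opts = {row[0] for row in conn.execute("PRAGMA compile_options")}
    if "OMIT_WINDOWFUNC" in opts:
        return False
    try:
        conn.execute("SELECT row_number() OVER () FROM (SELECT 1)").fetchall()
        return True
    except sqlite3.OperationalError:
        return False


def report() -> dict:
    """Summarize the linked SQLite library for an asset inventory."""
    conn = sqlite3.connect(":memory:")
    try:
        return {
            "sqlite_version": sqlite3.sqlite_version,
            "confirmed_affected": is_confirmed_affected(sqlite3.sqlite_version),
            "window_functions": window_functions_available(conn),
        }
    finally:
        conn.close()


if __name__ == "__main__":
    print(report())
```

A library that is neither 3.26.0 nor 3.27.0 is reported as not confirmed, not as safe; check the vendor's patch status separately.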