In sqlite3_str_vappendf of sqlite3.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege if the user can also inject a printf into a privileged process’s SQL with no additional execution privileges needed. User interaction is not needed for exploitation.
CPE | Name | Operator | Version |
---|---|---|---|
platform/external/sqlite | eq | 10 | |
platform/external/sqlite | eq | 8.1 | |
platform/external/sqlite | eq | 9 | |
platform/external/sqlite | eq | 11 |