Miggo Logo
Miggo Vulnerability Database
CVE-2023-32697

CVE-2023-32697:
Sqlite-jdbc vulnerable to remote code execution when JDBC url is attacker controlled

8.8

CVSS Score
3.1

Basic Information

CVE ID
CVE-2023-32697
GHSA ID
GHSA-6phf-6h5g-97j2
EPSS Score
0.87107%
CWE
CWE-94
Published
5/23/2023
Updated
11/7/2023
KEV Status
No
Technology
TechnologyJava

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
org.xerial:sqlite-jdbcmaven>= 3.6.14.1, < 3.41.2.23.41.2.2

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from how JDBC URL parameters (particularly 'lib') were processed to load native libraries. The patch introduced random UUIDs for temporary resources (commit edb4b8a), indicating the previous implementation used attacker-controlled input to determine library paths. The SQLiteJDBCLoader's extraction logic and SQLiteConnection's URL parsing directly handle these untrusted inputs, making them the injection points for malicious library loading.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

## Summ*ry Sqlit*-j*** ***r*ss*s * r*mot* *o** *x**ution vuln*r**ility vi* J*** URL. ## Imp**t** v*rsions : *.*.**.*-*.**.*.* ## R***r*n**s *ttps://*it*u*.*om/x*ri*l/sqlit*-j***/r*l**s*s/t**/*.**.*.*

Reasoning

T** vuln*r**ility st*ms *rom *ow `J***` URL p*r*m*t*rs (p*rti*ul*rly 'li*') w*r* pro**ss** to lo** n*tiv* li*r*ri*s. T** p*t** intro*u*** r*n*om UUI*s *or t*mpor*ry r*sour**s (*ommit `*******`), in*i**tin* t** pr*vious impl*m*nt*tion us** *tt**k*r-*o