
Warning: Remote code execution vulnerability in SQLite JDBC 

Reference: 
Advisory #2023-61
Version: 
1.0
Affected software: 
sqlite-jdbc (Maven): v3.6.14.1 - v3.41.2.1
Type: 
Remote Code Execution (RCE)
CVE/CVSS: 
CVE-2023-32697
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (8.8)

Risks

An authenticated remote attacker can execute arbitrary code, possibly leading to a compromise of system/data integrity, confidentiality, and/or availability.

Description

SQLite JDBC is a library for accessing and creating SQLite database files in Java. An authenticated remote attacker who is able to control the JDBC URL could abuse an insecure temporary file in order to execute arbitrary code with the privileges of the affected Java application. The vendor did not provide any further information. At the time of verification no PoC was available.

Recommended Actions

The Centre for Cyber Security Belgium strongly recommends that system administrators take the following actions in order to mitigate the impact of this vulnerability in the most efficient way.
 
Patch
 
Create an inventory that includes all the software in your organisation and check, per entry, whether sqlite-jdbc is used. Note that some software may reference an older version of sqlite-jdbc in its POM file.
Please upgrade to SQLite JDBC version 3.41.2.1 or higher after thorough testing.
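One way to carry out the inventory check above, as an added example that is not part of the CCB advisory: scan a Maven POM for the org.xerial:sqlite-jdbc coordinate (the library's published Maven coordinates), resolve a version pinned through a ${property}, and compare it against the affected range stated in this advisory. The sample POM is constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Affected range as given in the advisory, inclusive on both ends.
AFFECTED_MIN = "3.6.14.1"
AFFECTED_MAX = "3.41.2.1"
POM_NS = "{http://maven.apache.org/POM/4.0.0}"


def version_tuple(version):
    """Turn '3.41.2.1' into (3, 41, 2, 1) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in re.findall(r"\d+", version))


def is_affected(version):
    return version_tuple(AFFECTED_MIN) <= version_tuple(version) <= version_tuple(AFFECTED_MAX)


def find_sqlite_jdbc(pom_xml):
    """Return (version, affected) for every org.xerial:sqlite-jdbc dependency in a POM string."""
    root = ET.fromstring(pom_xml)
    # Versions are often pinned via ${property}; resolve them from <properties>.
    props = {p.tag.replace(POM_NS, ""): (p.text or "").strip()
             for p in root.findall(f"{POM_NS}properties/*")}
    results = []
    for dep in root.iter(f"{POM_NS}dependency"):  # also walks <dependencyManagement>
        gid = dep.findtext(f"{POM_NS}groupId", "")
        aid = dep.findtext(f"{POM_NS}artifactId", "")
        if (gid, aid) != ("org.xerial", "sqlite-jdbc"):
            continue
        version = dep.findtext(f"{POM_NS}version", "").strip()
        m = re.fullmatch(r"\$\{(.+)\}", version)
        if m:
            version = props.get(m.group(1), version)
        # An empty version (inherited from a parent POM) is reported as not affected; check it by hand.
        results.append((version, is_affected(version)))
    return results


# Constructed sample POM: one pin inside the affected range via a property, one fixed pin.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><sqlite.version>3.36.0.3</sqlite.version></properties>
  <dependencies>
    <dependency><groupId>org.xerial</groupId><artifactId>sqlite-jdbc</artifactId>
      <version>${sqlite.version}</version></dependency>
    <dependency><groupId>org.xerial</groupId><artifactId>sqlite-jdbc</artifactId>
      <version>3.42.0.0</version></dependency>
  </dependencies>
</project>"""

if __name__ == "__main__":
    for version, affected in find_sqlite_jdbc(SAMPLE_POM):
        print(f"sqlite-jdbc {version}: {'AFFECTED' if affected else 'outside affected range'}")
```

Transitive dependencies do not appear in a project's own POM; run the same check over the output of `mvn dependency:tree` or a generated SBOM to cover them.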
 
Monitor/Detect
 
The CCB recommends that organisations scale up their monitoring and detection capabilities to detect any related suspicious activity, ensuring a fast response in case of an intrusion. Monitor for suspicious file access.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
When applying patches to systems that have been vulnerable to an RCE exploit, a proactive threat assessment should be performed to verify no exploitation occurred in the time between a patch becoming available and being applied.
 

References

Vendor product homepage https://github.com/xerial/sqlite-jdbc