Date: 2017-04-07 11:59:03 +0200
From: @kutsurak
To: SQL devs <>
Version: 11.25.15 (Dec2016-SP3)
Last updated: 2017-05-01 13:32:08 +0200
Comment 25205
Date: 2017-04-07 11:59:03 +0200
From: @kutsurak
User-Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0
Build Identifier:
Specially crafted netcdf and fits files could allow attackers to execute arbitrary SQL.
Due to the way the function SQLstatementIntern is called in both these cases, an attacker cannot actually get any data out of the database, but could delete data, insert data or create/drop/alter tables.
Examples are attached.
Reproducible: Always
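Added example, not part of the original report and not the fix from the referenced changeset: a reduced C sketch of the bug class described above, where a string read from a file header is pasted into an SQL statement, next to a hardened builder. The table name `fits_files`, the column `name`, the helper names and the sample header value are all hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Before: a string read from a file header is pasted into the statement. */
int build_insert_unsafe(char *out, size_t n, const char *value) {
    int w = snprintf(out, n, "INSERT INTO fits_files(name) VALUES ('%s');", value);
    return (w < 0 || (size_t)w >= n) ? -1 : 0;
}

/* Render value as an SQL string literal: double each single quote and reject
 * control bytes and backslashes (some SQL dialects treat a backslash as an
 * escape inside literals). Returns 0 on success, -1 otherwise. */
int sql_quote_literal(char *out, size_t n, const char *value) {
    size_t o = 0;
    if (n < 3) return -1;
    out[o++] = '\'';
    for (const unsigned char *p = (const unsigned char *)value; *p; p++) {
        if (*p == '\\' || iscntrl(*p)) return -1;
        if (o + 3 >= n) return -1;   /* need room for 2 bytes, closing quote, NUL */
        if (*p == '\'') out[o++] = '\'';
        out[o++] = (char)*p;
    }
    out[o++] = '\'';
    out[o] = '\0';
    return 0;
}

/* File-supplied table or column names: allow only [A-Za-z_][A-Za-z0-9_]*. */
int is_safe_identifier(const char *s) {
    if (!(isalpha((unsigned char)*s) || *s == '_')) return 0;
    for (s++; *s; s++)
        if (!(isalnum((unsigned char)*s) || *s == '_')) return 0;
    return 1;
}

/* After: the identifier is checked and the value quoted before building. */
int build_insert_safe(char *out, size_t n, const char *table, const char *value) {
    char lit[256];
    if (!is_safe_identifier(table) || sql_quote_literal(lit, sizeof lit, value) != 0)
        return -1;
    int w = snprintf(out, n, "INSERT INTO %s(name) VALUES (%s);", table, lit);
    return (w < 0 || (size_t)w >= n) ? -1 : 0;
}

int main(void) {
    char q[512];
    const char *v = "M31'; --";   /* constructed header value, not from the attachments */
    if (build_insert_unsafe(q, sizeof q, v) == 0) puts(q);
    if (build_insert_safe(q, sizeof q, "fits_files", v) == 0) puts(q);
    return 0;
}
```

In the unsafe output the quote in the header value ends the literal early; in the safe output it stays inside the literal as `''`.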
Comment 25206
Date: 2017-04-07 12:00:54 +0200
From: MonetDB Mercurial Repository <>
Changeset 9415609bc718 made by Panagiotis Koutsourakis <kutsurak@monetdbsolutions.com> in the MonetDB repo, refers to this bug.
For complete details, see http://dev.monetdb.org/hg/MonetDB?cmd=changeset;node=9415609bc718
Changeset description: