Vulnerability in FITS and NETCDF data vaults #6258
Milestone
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Date: 2017-04-07 11:59:03 +0200
From: @kutsurak
To: SQL devs <>
Version: 11.25.15 (Dec2016-SP3)
Last updated: 2017-05-01 13:32:08 +0200
Comment 25205
Date: 2017-04-07 11:59:03 +0200
From: @kutsurak
User-Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0
Build Identifier:
Specially crafted netcdf and fits files, could allow attackers to execute arbitrary SQL.
Due to the way the function SQLstatementIntern is called in both these cases, an attacker cannot actually get any data out of the database, but could delete data, insert data or create/drop/alter tables.
Examples are attached.
Reproducible: Always
Comment 25206
Date: 2017-04-07 12:00:54 +0200
From: MonetDB Mercurial Repository <>
Changeset 9415609bc718 made by Panagiotis Koutsourakis kutsurak@monetdbsolutions.com in the MonetDB repo, refers to this bug.
For complete details, see http//devmonetdborg/hg/MonetDB?cmd=changeset;node=9415609bc718
Changeset description:
The text was updated successfully, but these errors were encountered: