Unrated severityNVD Advisory· Published Dec 12, 2022· Updated May 5, 2025

CVE-2022-46908

Description

SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.

Affected products

SQLite/SQLitedescription
osv-coords41 versions
pkg:apk/chainguard/sqlite pkg:apk/chainguard/sqlite-dev pkg:apk/chainguard/sqlite-doc pkg:apk/chainguard/sqlite-libs pkg:apk/wolfi/sqlite pkg:apk/wolfi/sqlite-dev pkg:apk/wolfi/sqlite-doc pkg:apk/wolfi/sqlite-libs pkg:bitnami/sqlite pkg:rpm/opensuse/sqlite3&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/sqlite3&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/sqlite3&distro=openSUSE%20Leap%20Micro%205.2 pkg:rpm/opensuse/sqlite3&distro=openSUSE%20Leap%20Micro%205.3 pkg:rpm/suse/sqlite3&distro=SUSE%20Enterprise%20Storage%207 pkg:rpm/suse/sqlite3&distro=SUSE%20Enterprise%20Storage%207.1 pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOS pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Micro%205.1 pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Micro%205.2 pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Micro%205.3 pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4 pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3 pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-ESPOS pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/sqlite3&distro=SUSE%20Manager%20Proxy%204.2 pkg:rpm/suse/sqlite3&distro=SUSE%20Manager%20Server%204.2 pkg:rpm/suse/sqlite3&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/sqlite3&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 0+ 40 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: >= 3.37.0, < 3.40.1
- (no CPE)range: < 3.39.3-150000.3.20.1
- (no CPE)range: < 3.39.3-150000.3.20.1
- (no CPE)range: < 3.39.3-150000.3.20.1
- (no CPE)range: < 3.39.3-150000.3.20.1
- (no CPE)range: < 3.39.3-150000.3.20.1
- (no CPE)range: < 3.39.3-150000.3.20.1
- (no CPE)range: < 3.39.3-150000.3.20.1
- (no CPE)range: < 3.39.3-150000.3.20.1
- (no CPE)range: < 3.39.3-150000.3.20.1
- (no CPE)range: < 3.39.3-150000.3.20.1
- (no CPE)range: < 3.39.3-150000.3.20.1
- (no CPE)range: < 3.39.3-150000.3.20.1
- (no CPE)range: < 3.39.3-150000.3.20.1
- (no CPE)range: < 3.39.3-150000.3.20.1
- (no CPE)range: < 3.39.3-150000.3.20.1
- (no CPE)range: < 3.39.3-9.26.1
- (no CPE)range: < 3.39.3-9.26.1
- (no CPE)range: < 3.39.3-9.26.1
- (no CPE)range: < 3.39.3-9.26.1
- (no CPE)range: < 3.39.3-150000.3.20.1
- (no CPE)range: < 3.39.3-150000.3.20.1
- (no CPE)range: < 3.39.3-150000.3.20.1
- (no CPE)range: < 3.39.3-9.26.1
- (no CPE)range: < 3.39.3-9.26.1
- (no CPE)range: < 3.39.3-150000.3.20.1
- (no CPE)range: < 3.39.3-150000.3.20.1
- (no CPE)range: < 3.39.3-150000.3.20.1
- (no CPE)range: < 3.39.3-9.26.1
- (no CPE)range: < 3.39.3-150000.3.20.1
- (no CPE)range: < 3.39.3-150000.3.20.1
- (no CPE)range: < 3.39.3-9.26.1
- (no CPE)range: < 3.39.3-9.26.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

security.gentoo.org/glsa/202311-03mitrevendor-advisory
news.ycombinator.com/itemmitre
security.netapp.com/advisory/ntap-20230203-0005/mitre
sqlite.org/forum/forumpost/07beac8056151b2fmitre
sqlite.org/src/info/cefc032473ac5ad2mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000