Package: node-sqlite3 | Debian Sources

Package: node-sqlite3 / 5.0.0+ds1-1+deb11u2

Metadata

Package	Version	Patches format
node-sqlite3	5.0.0+ds1-1+deb11u2	3.0 (quilt)

Patch series

view the series file

Patch	File delta	Description
disable hard test.patch \| (download)	test/each.test.js \| 2 2 + 0 - 0 ! test/parallel_insert.test.js \| 2 2 + 0 - 0 ! 2 files changed, 4 insertions(+)	disable hard test that requires to much resources
CVE 2022 21227.patch \| (download)	src/statement.cc \| 8 7 + 1 - 0 ! test/other_objects.test.js \| 9 9 + 0 - 0 ! 2 files changed, 16 insertions(+), 1 deletion(-)	fix segfault of invalid tostring() object
CVE 2022 43441.patch \| (download)	src/statement.cc \| 2 1 + 1 - 0 ! test/other_objects.test.js \| 16 16 + 0 - 0 ! 2 files changed, 17 insertions(+), 1 deletion(-)	fixed code execution vulnerability due to object coercion - when you call `ToString()` on `Napi::Value`, it calls `napi_coerce_to_string` underneath, which has the ability to run arbitrary JS code if the passed in value is a crafted object - both remote code execution or denial-of-service are possible via this vulnerability - `toString()` on an Object returns `[object Object]` so instead of calling the function, we're going to hardcode it to prevent this issue . Credits: Dave McDaniel of Cisco Talos

Patch

File delta

Description

disable hard test.patch | (download)

test/each.test.js | 2 2 + 0 - 0 !
test/parallel_insert.test.js | 2 2 + 0 - 0 !
2 files changed, 4 insertions(+)

 disable hard test that requires to much resources

CVE 2022 21227.patch | (download)

src/statement.cc | 8 7 + 1 - 0 !
test/other_objects.test.js | 9 9 + 0 - 0 !
2 files changed, 16 insertions(+), 1 deletion(-)

 fix segfault of invalid tostring() object

CVE 2022 43441.patch | (download)

src/statement.cc | 2 1 + 1 - 0 !
test/other_objects.test.js | 16 16 + 0 - 0 !
2 files changed, 17 insertions(+), 1 deletion(-)

 fixed code execution vulnerability due to object coercion
 - when you call `ToString()` on `Napi::Value`, it calls
   `napi_coerce_to_string` underneath, which has the ability to run
   arbitrary JS code if the passed in value is a crafted object
 - both remote code execution or denial-of-service are possible via
   this vulnerability
 - `toString()` on an Object returns `[object Object]` so instead of
   calling the function, we're going to hardcode it to prevent this
   issue
 .
 Credits: Dave McDaniel of Cisco Talos