DuckDB <=0.9.2 and DuckDB extension-template <=0.9.2 are vulnerable to malicious extension injection via the custom extension feature.
References
Link | Resource |
---|---|
https://github.com/Tu0Laj1/database_test | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2024-01-30T00:00:00
Updated: 2024-01-30T00:55:35.160309
Reserved: 2024-01-11T00:00:00
Link: CVE-2024-22682
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-01-30T01:16:00.020
Modified: 2024-02-05T21:47:19.313
Link: CVE-2024-22682
JSON object: View
Redhat Information
No data.
CWE