Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 2 Jul 2010 18:31:42 +0100
From: Luigi Auriemma <>
To: oss-security <>
Subject: Re: CVE Request -- Mumble server (Murmur) / Qt SQLite -- Remotely
 exploitable DoS (murmur termination) due QueryUsers Qt SQLite database bug

> Though not sure, if the true reason for this is:
> 1, either Mumble server calling relevant Qt SQLite function in
> improper way or 2, deficiency in that particular Qt function itself

Hey Jan,

I have not debugged the problem because I contacted directly the author
immediately after the finding, so the following are his words in reply
to the report of this specific bug:

"The second seems to be a .. "feature" of SQLite; it bails if you have 
too many almost-but-not-really-utf8 chars in a 'like' query. We can 
probably add a workaround for that."

So the problem "seems" to be caused by SQLite but should be necessary to
see in its manual if there are references about limitations that the
developers should respect or something else.


Luigi Auriemma

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.