CVE-2023-32697
published 2023-05-23


Severity: Critical, CVSS 3.1 base score 9.8 (priority P2, 59)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 1.59% (72.6th percentile)
SQLite JDBC is a library for accessing and creating SQLite database files in Java. sqlite-jdbc addresses a remote code execution vulnerability reachable via the JDBC URL. This issue impacts versions 3.6.14.1 through 3.41.2.1 and has been fixed in version 3.41.2.2.

Affected (3 ranges)

Vendor               Product             Version range                           Fixed in
debian               xerial-sqlite-jdbc  < 3.40.1.0+dfsg-1+deb12u1 (bookworm)    3.40.1.0+dfsg-1+deb12u1 (bookworm)
sqlite_jdbc_project  sqlite_jdbc         >= 3.6.14.1, < 3.41.2.2                 3.41.2.2
xerial               sqlite-jdbc         (not listed)                            (not listed)

Detection & IOCs (extracted from sources)

  • Remote code execution is triggered via a malicious JDBC URL — monitor and restrict JDBC URL inputs, especially those supplied by untrusted or remote users
  • Vulnerable versions of sqlite-jdbc are 3.6.14.1 through 3.41.2.1; flag any deployment of these versions in Java environments as high-risk for RCE via attacker-controlled JDBC URLs
  • Audit application code and configurations for any path where a JDBC URL is derived from user-controlled or network-supplied input — this is the direct attack vector for RCE
  • The vulnerability is only exploitable when the JDBC URL is attacker-controlled; deployments where the JDBC URL is fully hardcoded or not externally influenced are not affected, as confirmed by multiple Red Hat package assessments
  • Debian scoped this as 'local' severity, suggesting that in some deployment configurations exploitability depends on local access to influence the JDBC URL
  • Oracle rates this 8.8 CVSS with HTTP as the protocol but marks remote exploit as 'No', indicating that HTTP is the transport context while direct remote exploitation requires additional conditions
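The two checks the list above calls for, the version inventory (flag sqlite-jdbc 3.6.14.1 through 3.41.2.1) and the input control (refuse JDBC URLs that an untrusted party can shape), as an added example in Python. This is not code from the advisory, from cvebase, or from the sqlite-jdbc project. It assumes the Maven coordinate format printed by `mvn dependency:list` (`org.xerial:sqlite-jdbc:jar:<version>:<scope>`), a deployment-specific database directory (`ALLOWED_DB_DIR` is a placeholder), and constructed sample output; the advisory does not say which URL component is abused, so the allowlist is deliberately strict rather than targeted.

```python
"""Added example for CVE-2023-32697 (not the advisory's or the project's code).

1. Inventory: flag org.xerial:sqlite-jdbc versions in the affected range
   3.6.14.1 <= v < 3.41.2.2, comparing numerically (string comparison would
   put "3.41.2.1" before "3.6.14.1").
2. Input control: accept only JDBC URLs that match a strict allowlist before
   they reach DriverManager.getConnection() in the Java application.
"""
import re
from typing import Iterator, List, Tuple

# Affected range taken from the advisory text: first vulnerable version
# inclusive, first fixed version exclusive.
FIRST_VULNERABLE = "3.6.14.1"
FIRST_FIXED = "3.41.2.2"

# Deployment-specific directory; an assumption for the example.
ALLOWED_DB_DIR = "/var/lib/app/db"


def parse_version(v: str) -> Tuple[int, ...]:
    """'3.41.2.1' -> (3, 41, 2, 1); shorter strings are zero-padded so that
    '3.41' == '3.41.0.0'. Distro suffixes such as '+dfsg-1+deb12u1' are
    dropped, which is why this check is for Maven/Gradle coordinates only:
    Debian's 3.40.1.0+dfsg-1+deb12u1 carries a backported fix and would be
    flagged here on upstream version alone."""
    m = re.match(r"\d+(?:\.\d+)*", v)
    if not m:
        raise ValueError(f"not a version string: {v!r}")
    parts = tuple(int(p) for p in m.group(0).split("."))
    return parts + (0,) * (4 - len(parts))


def is_vulnerable(version: str) -> bool:
    """True if the upstream version falls inside the advisory's range."""
    v = parse_version(version)
    return parse_version(FIRST_VULNERABLE) <= v < parse_version(FIRST_FIXED)


# Assumed format of `mvn dependency:list` output (also matches Gradle-style
# "org.xerial:sqlite-jdbc:3.41.2.2" coordinates).
DEP_LINE = re.compile(r"org\.xerial:sqlite-jdbc:(?:jar:)?([0-9][0-9.]*)")


def scan_dependency_list(text: str) -> Iterator[Tuple[str, bool]]:
    """Yield (version, vulnerable?) for every sqlite-jdbc coordinate found."""
    for m in DEP_LINE.finditer(text):
        ver = m.group(1)
        yield ver, is_vulnerable(ver)


# Allowlist: fixed directory, simple file name, ".db" suffix, nothing after it.
# No query string, no parent-directory traversal, no ":memory:" or other
# non-file forms; anything outside the pattern is rejected.
SAFE_URL = re.compile(
    r"^jdbc:sqlite:" + re.escape(ALLOWED_DB_DIR) + r"/[A-Za-z0-9_-]{1,64}\.db$"
)


def is_acceptable_jdbc_url(url: str) -> bool:
    """Policy check to run on any JDBC URL that is not a compile-time constant."""
    return SAFE_URL.fullmatch(url) is not None


# Constructed sample input, not real build output.
SAMPLE_MVN_OUTPUT = """\
[INFO] The following files have been resolved:
[INFO]    org.xerial:sqlite-jdbc:jar:3.41.2.1:compile
[INFO]    org.xerial:sqlite-jdbc:jar:3.41.2.2:test
[INFO]    org.xerial:sqlite-jdbc:jar:3.6.14.1:compile
[INFO]    org.xerial:sqlite-jdbc:jar:3.6.14:compile
"""

SAMPLE_URLS: List[str] = [
    "jdbc:sqlite:/var/lib/app/db/orders.db",
    "jdbc:sqlite:/var/lib/app/db/orders.db?cache=shared",
    "jdbc:sqlite:/var/lib/app/db/../../../tmp/x.db",
    "jdbc:sqlite::memory:",
]


def main() -> None:
    for ver, vuln in scan_dependency_list(SAMPLE_MVN_OUTPUT):
        status = "VULNERABLE (CVE-2023-32697)" if vuln else "not in affected range"
        print(f"sqlite-jdbc {ver}: {status}")
    for url in SAMPLE_URLS:
        print(f"{url}: {'accept' if is_acceptable_jdbc_url(url) else 'REJECT'}")


if __name__ == "__main__":
    main()
```

Run the inventory half against real `mvn dependency:list` or Gradle output; for distro packages (the Debian row in the Affected table) compare against the distro's fixed package version instead, since the backported fix does not change the upstream version number. The URL policy belongs at the point in the Java code where the URL is built from configuration or request data; a URL that is a compile-time constant needs no check, which is the condition the Red Hat assessments cited above rely on.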

CVSS provenance

Source          Version  Score  Severity  Vector
nvd             v3.1     9.8    CRITICAL  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv                      9.8    CRITICAL
vendor_debian            8.8    HIGH
vendor_oracle            8.8    HIGH
vendor_redhat            8.8    HIGH