Security vulnerabilities and automated fixes for database security issues
4 posts found
A critical SQL injection vulnerability in `scripts/verify-db.ts` allowed attackers to execute arbitrary SQL commands by manipulating table names passed to the `countTable()` function. The script used `client.unsafe()` with string interpolation, directly embedding unsanitized input into SQL queries. The fix replaced the unsafe pattern with parameterized queries using the postgres client's built-in escaping.
A critical SQL injection vulnerability in `zhparser--2.1.sql` allowed attackers to execute arbitrary SQL commands by crafting malicious database names. The vulnerability existed because the dictionary synchronization function constructed COPY commands using string concatenation without proper escaping. This fix implements parameterized queries to safely handle database identifiers.
A database query in DBeaver's Altibase extension was constructing SQL statements using `String.format()` with user-controlled input, creating a classic SQL injection vulnerability. The fix replaces the unsafe string interpolation with parameterized queries using `PreparedStatement`, ensuring user input is always treated as data rather than executable SQL. This type of vulnerability is deceptively simple to introduce but equally simple to fix once you know what to look for.
A critical buffer overflow vulnerability was discovered and patched in Odyssey's SCRAM-SHA-256 authentication implementation, where six unchecked `memcpy` calls allowed unauthenticated attackers to corrupt heap memory by sending crafted oversized fields during authentication. This type of vulnerability is especially dangerous because it requires no credentials to exploit — any client initiating a connection could trigger it. The fix enforces proper length validation before every memory copy oper