GOG Galaxy - Vulnerable old SQlite, page 1 - Forum

alt3rn1ty Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Comment buried. Unhide

alt3rn1ty

New User

Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Registered: May 2016

From United Kingdom

Posted November 08, 2022

1

Just did a search of my computer for SQLite instances ..

GOG Galaxy has installed old versions of SQLite, which are now considered exploitable security vulnerabilities.

These need updating / weeded out by GOG Galaxy if there are legacy installations no longer in use.

Could you guys address this as soon as possible.

https://www.sqlite.org/index.html

The latest release is v3.39.4 released 29th September 2022

Couple of CVEs' in the changelog https://www.sqlite.org/releaselog/3_39_4.html

The ones installed by Galaxy were last modified in February 2022 see screenshot below ..

Attachments:

untitled.png (26 Kb)

Post edited November 08, 2022 by alt3rn1ty

alt3rn1ty Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Comment buried. Unhide

alt3rn1ty

New User

Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Registered: May 2016

From United Kingdom

Posted November 08, 2022

2

@Moderators - Could you bring this to the attention of the developers ASAP please.

Ice_Mage Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Comment buried. Unhide

Ice_Mage

(⊃｡•́‿•̀｡)⊃━☆ﾟ*･｡*✲ﾟ

Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Registered: Mar 2020

From Romania

Posted November 08, 2022

3

alt3rn1ty: @Moderators - Could you bring this to the attention of the developers ASAP please.

Open a support ticket. There's also the Report a Bug option in the GOG Galaxy menu, but I haven't seen anyone handle bug reports filed there.

Staff don't scour the forum for reports of technical problems. They're only to be contacted when you're having trouble with a support ticket; they're not an alternative to the support system itself.

RavenCrowwise Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Comment buried. Unhide

RavenCrowwise

New User

Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Registered: Apr 2015

From Portugal

Posted November 08, 2022

4

Uninstalled GOG Galaxy until this is fixed.

Gersen Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Comment buried. Unhide

Gersen

New User

Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Registered: Sep 2008

From Switzerland

Posted November 08, 2022

5

Something to remember / know :

....
CVEs ("Common Vulnerabilities and Exposures") about SQLite probably do not apply to your use of SQLite.

All historical vulnerabilities reported against SQLite require at least one of these preconditions:

- The attacker can submit and run arbitrary SQL statements.

- The attacker can submit a maliciously crafted database file to the application that the application will then open and query.

Few real-world applications meet either of these preconditions, and hence few real-world applications are vulnerable, even if they use older and unpatched versions of SQLite.

The SQLite development team fixes bugs promptly, usually within hours of discovery. New releases of SQLite are issued if the bug seems likely to impact real-world applications.

Grey-hat hackers are rewarded based on the number and severity of CVEs that they write. This results in a proliferation of CVEs that have minor impact, or no impact at all, but which make exaggerated impact claims.

Very few CVEs written about SQLite are real vulnerabilities in the sense that they do not give any new capabilities to an attacker.
....

For info the latest CVE, as in the one mentioned in the OP, was discovered in early march but only fixed in late July.

Post edited November 08, 2022 by Gersen

Discover CD PROJEKT RED games

Highlights

Featured