Issue 2022-W43


This week has been about big data, a SQLite vulnerability, GIFs as code, Kubernetes on the desktop, a JavaScript bundler in Rust and readline shortcuts.

# Turbopack

An incremental bundler and build system optimized for JavaScript and TypeScript, written in Rust.

# vhs

A command-line tool to write terminal GIFs as code.

# Stranger Strings: An exploitable flaw in SQLite

An article on a security vulnerability found in SQLite that has been present since October 2000. It is fairly difficult to exploit due to the number of conditions that need to align.

On vulnerable systems, CVE-2022-35737 is exploitable when large string inputs are passed to the SQLite implementations of the printf functions and when the format string contains the %Q, %q, or %w format substitution types.

Note that "large string" means a string of billions of bytes, and that this is only achievable when such input is passed as an argument through the C API.

# Big Data Storage

An article on how to store, process and transfer large amounts of data in a reliable manner.

# Rancher Desktop

An open-source desktop application for Mac, Windows and Linux for running Kubernetes and container management.

# Keyboard Shortcuts every Command Line Hacker should know about GNU Readline

An article on the shortcuts to know to navigate most interactive *nix shells.