Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
HSQLDB: Unrestricted File Writing in Libreoffice Database
OESA-2026-1490
Summary
A security update is available for HSQLDB, a free database engine used in many software projects. An attacker could potentially create a malicious database file that allows them to write to any file on the system. This could lead to unauthorized data tampering or system compromise. We recommend updating to the latest version of HSQLDB to address this issue.
What to do
- Update hsqldb to version 2.4.0-6.oe2403.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | hsqldb | <= 2.4.0-6.oe2403 | 2.4.0-6.oe2403 |
Original title
hsqldb security update
Original description
HSQLdb is a relational database engine written in JavaTM , with a JDBC driver, supporting a subset of ANSI-92 SQL. It offers a small (about 100k), fast database engine which offers both in memory and disk based tables. Embedded and server modes are available. Additionally, it includes tools such as a minimal web server, in-memory query and management tools (can be run as applets or servlets, too) and a number of demonstration examples. Downloaded code should be regarded as being of production quality. The product is currently being used as a database and persistence engine in many Open Source Software projects and even in commercial projects and products! In it&apos;s current version it is extremely stable and reliable. It is best known for its small size, ability to execute completely in memory and its speed. Yet it is a completely functional relational database management system that is completely free under the Modified BSD License. Yes, that&apos;s right, completely free of cost or restrictions!
Security Fix(es):
A flaw was found in the Libreoffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker.(CVE-2023-1183)
Security Fix(es):
A flaw was found in the Libreoffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker.(CVE-2023-1183)
- https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA... Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-1183 Vendor Advisory
Published: 6 Mar 2026 · Updated: 6 Mar 2026 · First seen: 6 Mar 2026