Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
HSQLDB: Malicious database file can write to arbitrary locations
OESA-2026-1491
Summary
A security update is available for HSQLDB, a free database software. A malicious database file can be used to write files to any location on the computer. This could potentially be used to install malware or steal data. Update to the latest version of HSQLDB to fix this issue.
What to do
- Update hsqldb to version 2.4.0-6.oe2403sp1.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | hsqldb | <= 2.4.0-6.oe2403sp1 | 2.4.0-6.oe2403sp1 |
Original title
hsqldb security update
Original description
HSQLdb is a relational database engine written in JavaTM , with a JDBC driver, supporting a subset of ANSI-92 SQL. It offers a small (about 100k), fast database engine which offers both in memory and disk based tables. Embedded and server modes are available. Additionally, it includes tools such as a minimal web server, in-memory query and management tools (can be run as applets or servlets, too) and a number of demonstration examples. Downloaded code should be regarded as being of production quality. The product is currently being used as a database and persistence engine in many Open Source Software projects and even in commercial projects and products! In it&apos;s current version it is extremely stable and reliable. It is best known for its small size, ability to execute completely in memory and its speed. Yet it is a completely functional relational database management system that is completely free under the Modified BSD License. Yes, that&apos;s right, completely free of cost or restrictions!
Security Fix(es):
A flaw was found in the Libreoffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker.(CVE-2023-1183)
Security Fix(es):
A flaw was found in the Libreoffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker.(CVE-2023-1183)
- https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA... Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-1183 Vendor Advisory
Published: 6 Mar 2026 · Updated: 6 Mar 2026 · First seen: 6 Mar 2026