CVE-2021-31239

An issue found in SQLite SQLite3 v.3.35.4 allows a remote attacker to cause a denial of service via the appendvfs.c function.

---------------------------------------------------------------
> [VulnerabilityType Other]
>> Out of bounds read
---------------------------------------------------------------
> [Affected Component]
>> sqlite3
---------------------------------------------------------------
> [Attack Type]
>> Remote
---------------------------------------------------------------
> [Impact Denial of Service]
>> true
---------------------------------------------------------------
> [Attack Vectors]
>> sqlite3 < poc 
poc link:
>> https://github.com/Tsiming/Vulnerabilities/blob/main/SQLite/poc
---------------------------------------------------------------
> [Has vendor confirmed]
>> true
---------------------------------------------------------------
> [Reference]
>> https://www.sqlite.org/forum/forumpost/d9fce1a89b
---------------------------------------------------------------
> [Vendor of Product]
>> https://sqlite.org/index.html
---------------------------------------------------------------
> [Affected Product Code Base]
>> sqlite3 3.35.4
---------------------------------------------------------------
> [ASAN Report]
>> ASAN:SIGSEGV
>> =================================================================
>> ==3676881==ERROR: AddressSanitizer: SEGV on unknown address
>> 0x000000000008 (pc 0x00000040fe9a bp 0x7fffdffd1a90 sp
>> 0x7fffdffd19c0 T0) #0 0x40fe99 in apndOpen
>> (/home/Projects/Programs/sqlite-autoconf-3350400/build-asan/sqlite3+0x40fe99)
>> #1 0x46bfde in sqlite3OsOpen
>> (/home/Projects/Programs/sqlite-autoconf-3350400/build-asan/sqlite3+0x46bfde)
>> #2 0x4a33c7 in sqlite3PagerOpen
>> (/home/Projects/Programs/sqlite-autoconf-3350400/build-asan/sqlite3+0x4a33c7)
>> #3 0x4c1016 in sqlite3BtreeOpen
>> (/home/Projects/Programs/sqlite-autoconf-3350400/build-asan/sqlite3+0x4c1016)
>> #4 0x652d3e in openDatabase
>> (/home/Projects/Programs/sqlite-autoconf-3350400/build-asan/sqlite3+0x652d3e)
>> #5 0x65352c in sqlite3_open_v2
>> (/home/Projects/Programs/sqlite-autoconf-3350400/build-asan/sqlite3+0x65352c)
>> #6 0x44cd00 in arDotCommand
>> (/home/Projects/Programs/sqlite-autoconf-3350400/build-asan/sqlite3+0x44cd00)
>> #7 0x450e75 in do_meta_command
>> (/home/Projects/Programs/sqlite-autoconf-3350400/build-asan/sqlite3+0x450e75)
>> #8 0x46116f in process_input
>> (/home/Projects/Programs/sqlite-autoconf-3350400/build-asan/sqlite3+0x46116f)
>> #9 0x463d37 in main
>> (/home/Projects/Programs/sqlite-autoconf-3350400/build-asan/sqlite3+0x463d37)
>> #10 0x7f75c916883f in __libc_start_main
>> (/lib/x86_64-linux-gnu/libc.so.6+0x2083f) #11 0x403798 in
>> _start
>> (/home/Projects/Programs/sqlite-autoconf-3350400/build-asan/sqlite3+0x403798)
>> AddressSanitizer can not provide additional info. SUMMARY:
>> AddressSanitizer: SEGV ??:0 apndOpen ==3676881==ABORTING
---------------------------------------------------------------