An issue found in SQLite3 v3.35.4 allows a remote attacker to cause a denial of service via the apndOpen function in appendvfs.c.
---------------------------------------------------------------
> [VulnerabilityType Other]
>> Out of bounds read
---------------------------------------------------------------
> [Affected Component]
>> sqlite3
---------------------------------------------------------------
> [Attack Type]
>> Remote
---------------------------------------------------------------
> [Impact Denial of Service]
>> true
---------------------------------------------------------------
> [Attack Vectors]
>> sqlite3 < poc
>> PoC link: https://github.com/Tsiming/Vulnerabilities/blob/main/SQLite/poc
---------------------------------------------------------------
> [Has vendor confirmed]
>> true
---------------------------------------------------------------
> [Reference]
>> https://www.sqlite.org/forum/forumpost/d9fce1a89b
---------------------------------------------------------------
> [Vendor of Product]
>> https://sqlite.org/index.html
---------------------------------------------------------------
> [Affected Product Code Base]
>> sqlite3 3.35.4
---------------------------------------------------------------
> [ASAN Report]
>> ASAN:SIGSEGV
>> =================================================================
>> ==3676881==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x00000040fe9a bp 0x7fffdffd1a90 sp 0x7fffdffd19c0 T0)
>>     #0 0x40fe99 in apndOpen (/home/Projects/Programs/sqlite-autoconf-3350400/build-asan/sqlite3+0x40fe99)
>>     #1 0x46bfde in sqlite3OsOpen (/home/Projects/Programs/sqlite-autoconf-3350400/build-asan/sqlite3+0x46bfde)
>>     #2 0x4a33c7 in sqlite3PagerOpen (/home/Projects/Programs/sqlite-autoconf-3350400/build-asan/sqlite3+0x4a33c7)
>>     #3 0x4c1016 in sqlite3BtreeOpen (/home/Projects/Programs/sqlite-autoconf-3350400/build-asan/sqlite3+0x4c1016)
>>     #4 0x652d3e in openDatabase (/home/Projects/Programs/sqlite-autoconf-3350400/build-asan/sqlite3+0x652d3e)
>>     #5 0x65352c in sqlite3_open_v2 (/home/Projects/Programs/sqlite-autoconf-3350400/build-asan/sqlite3+0x65352c)
>>     #6 0x44cd00 in arDotCommand (/home/Projects/Programs/sqlite-autoconf-3350400/build-asan/sqlite3+0x44cd00)
>>     #7 0x450e75 in do_meta_command (/home/Projects/Programs/sqlite-autoconf-3350400/build-asan/sqlite3+0x450e75)
>>     #8 0x46116f in process_input (/home/Projects/Programs/sqlite-autoconf-3350400/build-asan/sqlite3+0x46116f)
>>     #9 0x463d37 in main (/home/Projects/Programs/sqlite-autoconf-3350400/build-asan/sqlite3+0x463d37)
>>     #10 0x7f75c916883f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2083f)
>>     #11 0x403798 in _start (/home/Projects/Programs/sqlite-autoconf-3350400/build-asan/sqlite3+0x403798)
>>
>> AddressSanitizer can not provide additional info.
>> SUMMARY: AddressSanitizer: SEGV ??:0 apndOpen
>> ==3676881==ABORTING
---------------------------------------------------------------