Permalink
Cannot retrieve contributors at this time
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Vulnerabilities/SQLite/CVE-2021-31239
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
64 lines (63 sloc)
2.91 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| An issue found in SQLite SQLite3 v.3.35.4 allows a remote attacker to cause a denial of service via the appendvfs.c function. | |
| --------------------------------------------------------------- | |
| > [VulnerabilityType Other] | |
| >> Out of bounds read | |
| --------------------------------------------------------------- | |
| > [Affected Component] | |
| >> sqlite3 | |
| --------------------------------------------------------------- | |
| > [Attack Type] | |
| >> Remote | |
| --------------------------------------------------------------- | |
| > [Impact Denial of Service] | |
| >> true | |
| --------------------------------------------------------------- | |
| > [Attack Vectors] | |
| >> sqlite3 < poc | |
| poc link: | |
| >> https://github.com/Tsiming/Vulnerabilities/blob/main/SQLite/poc | |
| --------------------------------------------------------------- | |
| > [Has vendor confirmed] | |
| >> true | |
| --------------------------------------------------------------- | |
| > [Reference] | |
| >> https://www.sqlite.org/forum/forumpost/d9fce1a89b | |
| --------------------------------------------------------------- | |
| > [Vendor of Product] | |
| >> https://sqlite.org/index.html | |
| --------------------------------------------------------------- | |
| > [Affected Product Code Base] | |
| >> sqlite3 3.35.4 | |
| --------------------------------------------------------------- | |
| > [ASAN Report] | |
| >> ASAN:SIGSEGV | |
| >> ================================================================= | |
| >> ==3676881==ERROR: AddressSanitizer: SEGV on unknown address | |
| >> 0x000000000008 (pc 0x00000040fe9a bp 0x7fffdffd1a90 sp | |
| >> 0x7fffdffd19c0 T0) #0 0x40fe99 in apndOpen | |
| >> (/home/Projects/Programs/sqlite-autoconf-3350400/build-asan/sqlite3+0x40fe99) | |
| >> #1 0x46bfde in sqlite3OsOpen | |
| >> (/home/Projects/Programs/sqlite-autoconf-3350400/build-asan/sqlite3+0x46bfde) | |
| >> #2 0x4a33c7 in sqlite3PagerOpen | |
| >> (/home/Projects/Programs/sqlite-autoconf-3350400/build-asan/sqlite3+0x4a33c7) | |
| >> #3 0x4c1016 in sqlite3BtreeOpen | |
| >> (/home/Projects/Programs/sqlite-autoconf-3350400/build-asan/sqlite3+0x4c1016) | |
| >> #4 0x652d3e in openDatabase | |
| >> (/home/Projects/Programs/sqlite-autoconf-3350400/build-asan/sqlite3+0x652d3e) | |
| >> #5 0x65352c in sqlite3_open_v2 | |
| >> (/home/Projects/Programs/sqlite-autoconf-3350400/build-asan/sqlite3+0x65352c) | |
| >> #6 0x44cd00 in arDotCommand | |
| >> (/home/Projects/Programs/sqlite-autoconf-3350400/build-asan/sqlite3+0x44cd00) | |
| >> #7 0x450e75 in do_meta_command | |
| >> (/home/Projects/Programs/sqlite-autoconf-3350400/build-asan/sqlite3+0x450e75) | |
| >> #8 0x46116f in process_input | |
| >> (/home/Projects/Programs/sqlite-autoconf-3350400/build-asan/sqlite3+0x46116f) | |
| >> #9 0x463d37 in main | |
| >> (/home/Projects/Programs/sqlite-autoconf-3350400/build-asan/sqlite3+0x463d37) | |
| >> #10 0x7f75c916883f in __libc_start_main | |
| >> (/lib/x86_64-linux-gnu/libc.so.6+0x2083f) #11 0x403798 in | |
| >> _start | |
| >> (/home/Projects/Programs/sqlite-autoconf-3350400/build-asan/sqlite3+0x403798) | |
| >> AddressSanitizer can not provide additional info. SUMMARY: | |
| >> AddressSanitizer: SEGV ??:0 apndOpen ==3676881==ABORTING | |
| --------------------------------------------------------------- |