An interesting bug in one of the most popular embedded DBMS…
“database in programs written in C/C++”
CVE-2022-35737 details
Experts detected a bug in the sqlite3_snprintf function’s code, which is used to interact with the database in programs written in C/C++. If you pass a very large string input (more than 2GB) to that function, it will cause the program to crash; i.e., a denial of service (DoS) attack becomes possible. In the sqlite3_snprintf code, an integer variable was used to calculate the size of the passed string. If the string passed is too large, the variable can take a negative value. This then causes a memory buffer to be allocated that’s too small to write the received string. A common buffer overflow error occurs…
Community Page
Last updated:
Last updated: