Headline
CVE-2023-36191: SQLite Forum: Report bugs against SQLite.
sqlite3 v3.40.1 was discovered to contain a segmentation violation at /sqlite3_aflpp/shell.c.
sqlite3 SEGV on unknown address 0x000000000000
When running sqlite3 like the command below:
./sqlite3 -nonce
the program will cause SEGV on unknown address 0x000000000000 error.
shell.c:26109-26111
}else if( cli_strcmp(z,"-nonce")==0 ){
free(data.zNonce);
data.zNonce = strdup(argv[++i]);
Test Environment
Ubuntu 20.04, 64 bit sqlite3 (version: 3.40.1)
How to trigger
- Compile the program with AddressSanitizer
- Run command $ ./sqlite3 -nonce
Details****ASAN report
$ ./sqlite3 -nonce
```
==935238==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7ffff7d196e5 bp 0x7fffffffc9d0 sp 0x7fffffffc188 T0) ==935238==The signal is caused by a READ memory access. ==935238==Hint: address points to the zero page. #0 0x7ffff7d196e5 /build/glibc-SzIz7B/glibc-2.31/string/…/sysdeps/x86_64/multiarch/strlen-avx2.S:65 #1 0x486902 in strdup (/home/ned158/sp/Dataset/Sqlite3/sqlite3_aflpp/install/bin/sqlite3+0x486902) #2 0x4e70db in main /home/ned158/sp/Dataset/Sqlite3/sqlite3_aflpp/shell.c:26111:21 #3 0x7ffff7bb5082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/…/csu/libc-start.c:308:16 #4 0x41e6bd in _start (/home/ned158/sp/Dataset/Sqlite3/sqlite3_aflpp/install/bin/sqlite3+0x41e6bd)
AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV /build/glibc-SzIz7B/glibc-2.31/string/…/sysdeps/x86_64/multiarch/strlen-avx2.S:65 ==935238==ABORTING ```