
CVE-2021-31239: Vulnerabilities/CVE-2021-31239 at main · Tsiming/Vulnerabilities

An issue found in SQLite SQLite3 v.3.35.4 allows a remote attacker to cause a denial of service via the appendvfs.c function.


---------------------------------------------------------------

> [VulnerabilityType Other]

>> Out of bounds read

---------------------------------------------------------------

> [Affected Component]

>> sqlite3

---------------------------------------------------------------

> [Attack Type]

>> Remote

---------------------------------------------------------------

> [Impact Denial of Service]

>> true

---------------------------------------------------------------

> [Attack Vectors]

>> sqlite3 < poc

poc link:

>> https://github.com/Tsiming/Vulnerabilities/blob/main/SQLite/poc

---------------------------------------------------------------

> [Has vendor confirmed]

>> true

---------------------------------------------------------------

> [Reference]

>> https://www.sqlite.org/forum/forumpost/d9fce1a89b

---------------------------------------------------------------

> [Vendor of Product]

>> https://sqlite.org/index.html

---------------------------------------------------------------

> [Affected Product Code Base]

>> sqlite3 3.35.4

---------------------------------------------------------------

> [ASAN Report]

>> ASAN:SIGSEGV
>> =================================================================
>> ==3676881==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x00000040fe9a bp 0x7fffdffd1a90 sp 0x7fffdffd19c0 T0)
>>     #0 0x40fe99 in apndOpen (/home/Projects/Programs/sqlite-autoconf-3350400/build-asan/sqlite3+0x40fe99)
>>     #1 0x46bfde in sqlite3OsOpen (/home/Projects/Programs/sqlite-autoconf-3350400/build-asan/sqlite3+0x46bfde)
>>     #2 0x4a33c7 in sqlite3PagerOpen (/home/Projects/Programs/sqlite-autoconf-3350400/build-asan/sqlite3+0x4a33c7)
>>     #3 0x4c1016 in sqlite3BtreeOpen (/home/Projects/Programs/sqlite-autoconf-3350400/build-asan/sqlite3+0x4c1016)
>>     #4 0x652d3e in openDatabase (/home/Projects/Programs/sqlite-autoconf-3350400/build-asan/sqlite3+0x652d3e)
>>     #5 0x65352c in sqlite3_open_v2 (/home/Projects/Programs/sqlite-autoconf-3350400/build-asan/sqlite3+0x65352c)
>>     #6 0x44cd00 in arDotCommand (/home/Projects/Programs/sqlite-autoconf-3350400/build-asan/sqlite3+0x44cd00)
>>     #7 0x450e75 in do_meta_command (/home/Projects/Programs/sqlite-autoconf-3350400/build-asan/sqlite3+0x450e75)
>>     #8 0x46116f in process_input (/home/Projects/Programs/sqlite-autoconf-3350400/build-asan/sqlite3+0x46116f)
>>     #9 0x463d37 in main (/home/Projects/Programs/sqlite-autoconf-3350400/build-asan/sqlite3+0x463d37)
>>     #10 0x7f75c916883f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2083f)
>>     #11 0x403798 in _start (/home/Projects/Programs/sqlite-autoconf-3350400/build-asan/sqlite3+0x403798)
>>
>> AddressSanitizer can not provide additional info.
>> SUMMARY: AddressSanitizer: SEGV ??:0 apndOpen
>> ==3676881==ABORTING

---------------------------------------------------------------
