A high-severity vulnerability has been disclosed in the SQLite database library, which was introduced as part of a code change dating all the way back to October 2000 and could enable attackers to crash or control programs.
Tracked as CVE-2022-35737 (CVSS score: 7.5), the 22-year-old issue affects SQLite versions 1.0.12 through 3.39.1, and has been addressed in version 3.39.2 released on July 21, 2022.
“CVE-2022-35737 is exploitable on 64-bit systems, and exploitability depends on how the program is compiled,” Trail of Bits researcher Andreas Kellas said in a technical write-up published today.
“Arbitrary code execution is confirmed when the library is compiled without stack canaries, but unconfirmed when stack canaries are present, and denial-of-service is confirmed in all cases.”
Programmed in C, SQLite is the most widely used database engine, included by default in Android, iOS, Windows, and macOS, as well as popular web browsers such as Google Chrome, Mozilla Firefox, and Apple Safari.
The vulnerability discovered by Trail of Bits concerns an integer overflow bug that occurs when very large string inputs are passed as parameters to the SQLite implementations of the printf functions, which, in turn, make use of another function to handle the string formatting (“sqlite3_str_vappendf”).
However, successful weaponization of the flaw banks on the prerequisite that the format string contains the %Q, %q, or %w substitution types, potentially leading to a program crash when user-controlled data is written beyond the bounds of a stack-allocated buffer.
“If the format string contains the ‘!’ special character to enable unicode character scanning, then it is possible to achieve arbitrary code execution in the worst case, or to cause the program to hang and loop (nearly) indefinitely,” Kellas explained.
The vulnerability is also an example of a scenario that was once deemed impractical decades ago — allocating 1GB strings as input — rendered possible with the advent of 64-bit computing systems.
“It is a bug that may not have seemed like an error at the time that it was written (dating back to 2000 in the SQLite source code) when systems were primarily 32-bit architectures,” Kellas said.
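To illustrate the size-accounting defect class described above, here is an added example (not SQLite's code, nor Trail of Bits') of a %q/%Q-style quote escaper whose required-size computation is carried out in 64-bit arithmetic and refuses any input whose escaped length would not fit a 32-bit int, rather than letting a 1GB input full of quote characters wrap a 32-bit counter. The names escaped_size, quote_escape and MAX_OUT are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Largest escaped output this example will produce; anything that would not
 * fit a 32-bit int is refused (constructed limit for this example). */
#define MAX_OUT ((int64_t)INT32_MAX)

/* Bytes needed to escape a string of `len` bytes holding `quotes` single
 * quotes: each quote is doubled, %Q (wrap=1) adds two enclosing quotes, plus
 * the NUL. Computed in 64-bit so the sum cannot wrap: a 32-bit int sum of a
 * 1GB length plus 1GB quotes goes negative and slips past a size check.
 * Returns -1 instead of an oversized or invalid size. */
int64_t escaped_size(int64_t len, int64_t quotes, int wrap) {
    if (len < 0 || quotes < 0 || quotes > len) return -1;
    int64_t need = len + quotes + (wrap ? 2 : 0) + 1;
    return need > MAX_OUT ? -1 : need;
}

/* Escape `src` like a %q (wrap=0) or %Q (wrap=1) substitution: ' becomes ''
 * and %Q encloses the result in quotes. A NULL argument to %Q yields the bare
 * word NULL (as SQLite documents); to %q an empty string (this example's
 * choice). Returns a malloc'd string, or NULL if the size check fails. */
char *quote_escape(const char *src, int wrap) {
    if (src == NULL) { src = wrap ? "NULL" : ""; wrap = 0; }
    int64_t len = 0, quotes = 0;
    for (const char *p = src; *p; p++) { len++; quotes += (*p == '\''); }
    int64_t need = escaped_size(len, quotes, wrap);
    if (need < 0) return NULL;                  /* refuse rather than overflow */
    char *out = malloc((size_t)need), *w = out;
    if (out == NULL) return NULL;
    if (wrap) *w++ = '\'';
    for (const char *p = src; *p; p++) {
        *w++ = *p;
        if (*p == '\'') *w++ = '\'';            /* double every single quote */
    }
    if (wrap) *w++ = '\'';
    *w = '\0';
    return out;
}

int main(void) {
    char *s = quote_escape("O'Brien", 1);
    printf("%s\n", s);                          /* 'O''Brien' */
    free(s);
    /* a 1GB string made entirely of quotes is rejected instead of wrapping */
    printf("%lld\n", (long long)escaped_size(1LL << 30, 1LL << 30, 1));
    return 0;
}
```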
Some parts of this article are sourced from:
thehackernews.com