The consequences of a years-old SQLite vulnerability - kaspersky

An interesting bug in one of the most popular embedded DBMS…


CVE-2022-35737 details

Experts detected a bug in the code of the sqlite3_snprintf function, which is used to interact with the database in programs written in C/C++. If you pass a very large string input (more than 2GB) to that function, the program crashes; i.e., a denial of service (DoS) attack becomes possible. The sqlite3_snprintf code used an integer variable to calculate the size of the passed string. If the string passed is too large, the variable can take a negative value. This in turn causes a memory buffer to be allocated that is too small to hold the received string. A common buffer overflow error occurs…
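The size calculation described above can be modelled in a few lines of C. This is an added example, not SQLite's source code: the function names, the 64-byte fixed buffer, the 3-byte overhead and the 1,000,000-byte cap are assumptions chosen for illustration. It shows the signed size going negative beside a hardened calculation that rejects the input.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define FIXED_BUF 64u  /* hypothetical small fixed buffer */
#define OVERHEAD  3u   /* hypothetical extra bytes (quotes, NUL) */

/* Flawed pattern: required size held in a 32-bit signed integer.
 * uint32_t arithmetic models the wraparound without undefined behaviour. */
int32_t needed_size_int(size_t len) {
    return (int32_t)((uint32_t)len + OVERHEAD);
}

/* Flawed decision: a negative "size" compares as smaller than the fixed
 * buffer, so a >2GB input is treated as if it fits in 64 bytes. */
int flawed_fits_fixed_buf(size_t len) {
    return needed_size_int(len) <= (int32_t)FIXED_BUF;
}

/* Hardened: unsigned size_t arithmetic plus an explicit length cap.
 * Returns 0 and stores the size, or -1 when the input must be rejected. */
int checked_size(size_t len, size_t max_len, size_t *out) {
    if (len > max_len || len > SIZE_MAX - OVERHEAD) return -1;
    *out = len + OVERHEAD;
    return 0;
}

int main(void) {
    /* Constructed lengths only; no 2GB string is actually allocated. */
    size_t lens[] = { 10, 1000, (size_t)INT32_MAX };
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        size_t sz = 0;
        int rc = checked_size(lens[i], 1000000, &sz);
        printf("len=%zu int_size=%d flawed_fits=%d checked=%s\n",
               lens[i], (int)needed_size_int(lens[i]),
               flawed_fits_fixed_buf(lens[i]), rc == 0 ? "ok" : "rejected");
    }
    return 0;
}
```

The same review check applies to any C code that stores a string length or buffer size in an int: the length must be bounded before it is used in size arithmetic.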