Two invalid read errors / heap overflows in SQLite (TFPA 006/2015)

Posted by Hanno Böck on May 12

https://blog.fuzzing-project.org/10-Two-invalid-read-errors-heap-overflows-in-SQLite-TFPA-0062015.html

While fuzzing SQLite I discovered two read heap overflow errors. One is
in the database file parser, one in the SQL command parser. Both issues
are present in SQLite 3.8.9 and are fixed in SQLite 3.8.10.1. These
bugs can be seen with either valgrind or AddressSanitizer.

Passing the command “.” will cause a one byte heap overflow in…
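As an added illustration of the detection method the post relies on (valgrind or AddressSanitizer surfacing a read heap overflow), the script below builds a small constructed C program containing a deliberate one-byte heap over-read and checks that the sanitizer flags it. This is example code written for this page, not SQLite's code and not the SQLite bug described above; the program, the function name `check_heap_overread`, and the use of the system `cc` are assumptions. It tries an ASan build first and falls back to valgrind when no ASan-capable compiler is available.

```shell
#!/bin/sh
# Constructed demo (not SQLite code): a one-byte heap over-read, built with
# AddressSanitizer, with valgrind as a fallback when no ASan-capable
# compiler is present. Prints "detected", "missed" or "unavailable".
check_heap_overread() {
  workdir=$(mktemp -d) || return 1
  # Constructed test program: exactly len bytes are allocated, then buf[len]
  # is read, one byte past the end of the heap block.
  cat > "$workdir/overread.c" <<'EOF'
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Constructed off-by-one: reads buf[len] on a buffer of exactly len bytes. */
int last_byte_after_end(const char *s) {
    size_t len = strlen(s);
    char *buf = malloc(len);          /* no room for a terminator */
    if (buf == NULL) return -1;
    memcpy(buf, s, len);
    int v = buf[len];                 /* one-byte heap over-read */
    free(buf);
    return v;
}

int main(void) {
    printf("%d\n", last_byte_after_end("."));
    return 0;
}
EOF
  result="unavailable"
  if cc -g -O0 -fsanitize=address -o "$workdir/asan_bin" "$workdir/overread.c" 2>/dev/null; then
    # detect_leaks=0: only the over-read is of interest here, and LeakSanitizer
    # cannot run in some sandboxes.
    out=$(ASAN_OPTIONS=detect_leaks=0 "$workdir/asan_bin" 2>&1) || true
    case "$out" in
      *heap-buffer-overflow*) result="detected" ;;
      *"Shadow memory range"*|*"failed to allocate"*|*"CHECK failed"*) result="unavailable" ;;
      *) result="missed" ;;
    esac
  elif cc -g -O0 -o "$workdir/plain_bin" "$workdir/overread.c" 2>/dev/null \
       && command -v valgrind >/dev/null 2>&1; then
    # valgrind reports the same defect as "Invalid read of size 1".
    out=$(valgrind --error-exitcode=99 "$workdir/plain_bin" 2>&1) || true
    case "$out" in
      *"Invalid read of size"*) result="detected" ;;
      *) result="missed" ;;
    esac
  fi
  rm -rf "$workdir"
  printf '%s\n' "$result"
}

check_heap_overread
```

With an ASan-enabled toolchain the run ends with a `heap-buffer-overflow` report pointing at the `buf[len]` read; with valgrind the equivalent line is `Invalid read of size 1`. Either tool makes a one-byte over-read visible that an ordinary build would silently tolerate, which is why such bugs are routinely found only under instrumentation.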
