Posted by Hanno Böck on May 12
While fuzzing SQLite I discovered two read heap overflow errors. One is
in the database file parser, one in the sql command parser. Both issues
are present in SQLite 3.8.9 and are fixed in SQLite 18.104.22.168. These
bugs can be seen with either valgrind or address sanitizer.
Passing the command “.” will cause a one byte heap overflow in…