SQLite Denial-of-Service Vulnerability via Integer Overflow in Database Configuration

A denial-of-service vulnerability has been identified in SQLite versions 3.49.0 prior to 3.49.1. The issue arises in the 'setupLookaside' function of the C-language API, specifically within the 'sqlite3_db_config' database configuration option. The vulnerability is caused by an integer overflow when certain argument values are used, leading to an application crash. The problem occurs because the multiplication of the 'sz' (size of lookaside buffer slots) and 'cnt' (number of slots) parameters is not properly cast to a 64-bit integer, resulting in incorrect memory allocations.

Impact

Exploitation of this vulnerability causes an application crash, leading to a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by calling the 'sqlite3_db_config' function with the 'SQLITE_DBCONFIG_LOOKASIDE' option, using a 'sz' value greater than 65528 and a 'cnt' value that, when multiplied by 'sz', exceeds 2,147,483,648. This will trigger the integer overflow in the 'setupLookaside' function, causing incorrect memory allocation and a subsequent application crash.

Remediation

Users can upgrade to SQLite version 3.49.1, which addresses the vulnerability by enhancing the 'SQLITE_DBCONFIG_LOOKASIDE' interface to prevent misuse and integer overflow. Instructions for downloading the latest version of SQLite are available on the official SQLite website.