SQLite Integer Overflow Vulnerability in Lookaside Configuration Leading to Denial-of-Service

An integer overflow vulnerability has been identified in SQLite version 3.50.0. This vulnerability allows remote attackers to cause a denial-of-service by manipulating the lookaside memory allocation. The issue arises from unchecked multiplication in the 'setupLookaside' function, which can lead to negative values and invalid memory writes.

Impact

Exploitation of this vulnerability causes a heap-buffer-overflow, leading to a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by opening a SQLite database and configuring a malicious lookaside memory allocation that causes an integer overflow. This can be done by setting the size to 140 and the count to a value that, when multiplied, exceeds the integer limit and wraps around to a negative value. After configuring the lookaside pool, creating a table and inserting a large number of records will exercise the corrupted lookaside configuration, causing the heap-buffer-overflow.