symisc UnQLite Heap-Based Buffer Overflow Vulnerability in Perl Integration

Vulnerability

A heap-based buffer overflow vulnerability has been identified in the symisc UnQLite module for Perl, in versions through 0.06. The issue arises because the copy of the UnQLite library embedded in the Perl module dates from 2014 and is outdated and potentially insecure. The vulnerability is located in the function jx9MemObjStore in the UnQLite C source file, and it can be exploited on the local host.

Impact

Exploitation of this vulnerability leads to a heap-based buffer overflow, causing memory corruption.

Reproduction

The vulnerability can be reproduced by using the UnQLite Perl module version 0.06 or earlier, which contains the insecure version of the embedded UnQLite library. The buffer overflow can be triggered by manipulating the jx9MemObjStore function, as detailed in the public exploit available on the UnQLite GitHub repository.

Remediation

Users are advised to update to UnQLite version 1.1.9 or later, where this vulnerability has been addressed.
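One way to find affected copies, as an added example that is not part of the original advisory or the UnQLite project: the script walks a directory tree and flags Perl module copies at or below 0.06 and embedded library copies below 1.1.9. The file names (UnQLite.pm, unqlite.h, unqlite.c), the `$VERSION` and `UNQLITE_VERSION` declaration formats, the reading of 1.1.9 as the embedded library's version, and the sample tree are assumptions.

```python
import os
import re
import tempfile
from decimal import Decimal

# From the advisory: Perl module through 0.06 affected; library 1.1.9 or later fixed.
PERL_LAST_AFFECTED = Decimal("0.06")
LIB_FIRST_FIXED = (1, 1, 9)
# Assumed declaration styles (not stated in the advisory).
PERL_RE = re.compile(r"""\$VERSION\s*=\s*['"]?(\d+\.\d+)""")
LIB_RE = re.compile(r'#\s*define\s+UNQLITE_VERSION\s+"(\d+(?:\.\d+)+)"')
TARGETS = ("UnQLite.pm", "unqlite.h", "unqlite.c")

def check_file(path):
    """Return (path, kind, version, affected), or None if no version is declared."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        text = fh.read()
    if os.path.basename(path) == "UnQLite.pm":
        m = PERL_RE.search(text)
        if m:  # Perl decimal versions compare numerically, not per component
            return (path, "perl-module", m.group(1), Decimal(m.group(1)) <= PERL_LAST_AFFECTED)
    else:
        m = LIB_RE.search(text)
        if m:
            ver = tuple(int(p) for p in m.group(1).split("."))
            return (path, "embedded-lib", m.group(1), ver < LIB_FIRST_FIXED)
    return None

def scan(root):
    """Walk root and report every Perl module or vendored library copy found."""
    hits = (os.path.join(d, f) for d, _, fs in os.walk(root) for f in fs if f in TARGETS)
    return sorted(r for r in map(check_file, hits) if r)

def demo():
    """Scan a constructed tree (sample data, not real package contents)."""
    samples = {
        "old/lib/UnQLite.pm": "package UnQLite;\nour $VERSION = '0.05';\n",
        "old/unqlite/unqlite.h": '#define UNQLITE_VERSION "1.1.6"\n',
        "new/vendor/unqlite.h": '#define UNQLITE_VERSION "1.1.9"\n',
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body)
        return [(os.path.relpath(p, root), k, v, a) for p, k, v, a in scan(root)]

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

To check a real system, call `scan()` on each Perl library directory or source checkout; a copy of the library vendored into another project is reported the same way as the one inside the Perl module.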

Added: Mar 5, 2026, 2:19 AM
Updated: Mar 5, 2026, 2:19 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.9
exploitability: 3.6
remediation: 0.0
relevance: 3.5
threat: 1.6
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.