SQLite is widely used as an embedded database for local/client storage in application software such as web browsers and mobile applications. As a relational database, SQLite is vulnerable to SQL injection attacks, which have been well studied for a long time. Memory corruption bugs in SQLite are usually not considered security issues, since they are normally unlikely to be exploitable. In this talk, we will study several remotely exploitable memory corruption cases to show the dangerous attack surface in SQLite.
By Siji Feng & Zhi Zhou & Kun Yang
Full Abstract & Presentation Materials: https://www.blackhat.com/us-17/briefings.html#many-birds-one-stone-exploiting-a-single-sqlite-vulnerability-across-multiple-software