https://miscreants.github.io/blog.trailofbits.com/authors/andreas-kellas/Recent content in Andreas Kellas on The Trail of Bits BlogHugoen-usThu, 10 Nov 2022 07:30:53 -0500https://miscreants.github.io/blog.trailofbits.com/2022/11/10/divergent-representations-variable-overflows-c-compiler/Thu, 10 Nov 2022 07:30:53 -0500https://miscreants.github.io/blog.trailofbits.com/2022/11/10/divergent-representations-variable-overflows-c-compiler/Trail of Bits recently published a blog post about a signed integer overflow in certain versions of SQLite that can enable arbitrary code execution and result in a denial of service. While working on proof-of-concept exploits for that vulnerability, we noticed that the compiler’s representation of an important integer variable is semantically […]https://miscreants.github.io/blog.trailofbits.com/2022/10/25/sqlite-vulnerability-july-2022-library-api/Tue, 25 Oct 2022 07:30:10 -0400https://miscreants.github.io/blog.trailofbits.com/2022/10/25/sqlite-vulnerability-july-2022-library-api/Trail of Bits is publicly disclosing CVE-2022-35737, which affects applications that use the SQLite library API. CVE-2022-35737 was introduced in SQLite version 1.0.12 (released on October 17, 2000) and fixed in release 3.39.2 (released on July 21, 2022). CVE-2022-35737 is exploitable on 64-bit systems, and exploitability depends on how the program is […]