I’m Emanuel, a full-time Computer Science student by day, and avid gamer by night
- I enjoy learning new things, particularly through language study and travel
- My favorite pastime is reading fantasy, science fiction, and manga in particular
- Here’s some music I like at the moment, enjoy your stay:
Introduction A while ago Project Zero, the vulnerability research of Google, began evaluating the offensive capabilities of Large Language Models. That then evolved into Project Naptime a framework for LLM assisted vulnerability research, which eventually merged with Google’s Deep Mind in a joint collaborative project “Big Sleep”. Big Sleep Big Sleep discovered an exploitable stack buffer underflow in SQLite, a widely used open source database engine. Specifically, Big Sleep discovered a pattern in the code of a publicly released version of SQLite that creates a potential edge case that needs to be handled by all code that uses the field, the researchers noted. A function in the code failed to correctly handle the edge case, “resulting in a write into a stack buffer with a negative index when handling a query with a constraint on the ‘rowid’ column,” thus creating an exploitable flaw, according to the post. ...