
Google: Big Sleep first real-world vulnerability discovered

Introduction

A while ago Project Zero, Google's vulnerability research team, began evaluating the offensive capabilities of Large Language Models. That work evolved into Project Naptime, a framework for LLM-assisted vulnerability research, which eventually merged with Google DeepMind's efforts in a joint collaborative project, "Big Sleep".

Big Sleep

Big Sleep discovered an exploitable stack buffer underflow in SQLite, a widely used open source database engine. Specifically, Big Sleep discovered a pattern in the code of a publicly released version of SQLite that creates a potential edge case that needs to be handled by all code that uses the field, the researchers noted. A function in the code failed to correctly handle that edge case, "resulting in a write into a stack buffer with a negative index when handling a query with a constraint on the 'rowid' column," thus creating an exploitable flaw, according to the post. ...
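The bug class the article describes, reduced to a constructed C illustration (added here; this is not SQLite's code and not taken from Google's post): a column-index field in which a negative value stands for the rowid column is a sentinel that every consumer of the field must handle, and a routine that uses the field directly as an array index writes before the start of a stack buffer. The hardened version handles the sentinel explicitly and bounds-checks every other value. All names here (`Constraint`, `COL_ROWID`, `MAX_COLS`, `plan_unsafe`, `plan_safe`, `constrains_rowid`) are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed illustration, not SQLite's data structures: a constraint on a
 * query refers to a column by index, and a negative sentinel means "rowid".
 * Every piece of code that reads iColumn therefore has an edge case to handle. */
#define COL_ROWID (-1)
#define MAX_COLS 8

typedef struct {
    int iColumn;   /* column index, or COL_ROWID when the constraint is on rowid */
    int op;        /* constraint operator; opaque for this example */
} Constraint;

/* Unsafe pattern: the field is used as an array index without handling the
 * sentinel. With iColumn == COL_ROWID the store lands one element *before*
 * aUsed, i.e. a stack buffer underflow. Kept only for contrast with plan_safe;
 * it is never invoked with a rowid constraint in this example. */
int plan_unsafe(const Constraint *c, int n) {
    int aUsed[MAX_COLS];
    memset(aUsed, 0, sizeof aUsed);
    for (int i = 0; i < n; i++) {
        aUsed[c[i].iColumn] = 1;         /* negative index -> write below the buffer */
    }
    int count = 0;
    for (int i = 0; i < MAX_COLS; i++) count += aUsed[i];
    return count;
}

/* Hardened pattern: treat the sentinel as its own case and reject anything
 * else that is out of range. Returns the number of distinct real columns
 * used, or -1 if a constraint carries a malformed column index. The rowid
 * case is recorded in a separate flag rather than indexed into the array. */
int plan_safe(const Constraint *c, int n, int *rowid_constrained) {
    int aUsed[MAX_COLS] = {0};
    *rowid_constrained = 0;
    for (int i = 0; i < n; i++) {
        int col = c[i].iColumn;
        if (col == COL_ROWID) {           /* the edge case: no array slot for rowid */
            *rowid_constrained = 1;
            continue;
        }
        if (col < 0 || col >= MAX_COLS)   /* any other out-of-range value is an error */
            return -1;
        aUsed[col] = 1;
    }
    int count = 0;
    for (int i = 0; i < MAX_COLS; i++) count += aUsed[i];
    return count;
}

/* Convenience wrapper: 1 if the query constrains rowid, 0 if not, -1 on error. */
int constrains_rowid(const Constraint *c, int n) {
    int flag = 0;
    return plan_safe(c, n, &flag) < 0 ? -1 : flag;
}

int main(void) {
    /* Constructed query: constraints on column 2 (twice), rowid, and column 5. */
    Constraint q[] = { {2, 0}, {COL_ROWID, 0}, {2, 0}, {5, 0} };
    int rowid = 0;
    int used = plan_safe(q, 4, &rowid);
    printf("distinct columns used: %d, rowid constrained: %d\n", used, rowid);

    Constraint bad[] = { {MAX_COLS + 3, 0} };
    printf("malformed index rejected: %d\n", plan_safe(bad, 1, &rowid));
    return 0;
}
```

The defensive point is that the check belongs at every consumer of the field, not only at the place the sentinel is produced; a fuzzing harness built with `-fsanitize=address` will stop on the first out-of-bounds store in the unsafe variant, which is the kind of signal that turns a latent pattern into a reported bug.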