CVE-2025-29087

Low CVSS: 3.2

In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string (e.g., 2MB or more), an integer overflow occurs in calculating the size of the result buffer, and thus malloc may not allocate enough memory.

Vendor

Sqlite

Product

Sqlite

CWE

CWE-190

Yayın Tarihi

2025-04-07 20:15:20

Güncelleme

2025-04-30 12:43:22

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-190 Sqlite LOW Sqlite 2025

Referanslar

https://gist.github.com/ylwango613/a44a29f1ef074fa783e29f04a0afd62a https://sqlite.org/releaselog/3_49_1.html https://www.sqlite.org/cves.html

Benzer Kayıtlar

Medium

CVE-2025-7458

An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attack…

High

CVE-2025-6965

There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the numbe…

Medium

CVE-2025-3277

An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used t…

Medium

CVE-2025-29088

In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial…