CVE-2025-29088

Medium CVSS: 5.6

In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect.

Vendor

Sqlite

Product

Sqlite

CWE

CWE-190

Yayın Tarihi

2025-04-10 14:15:27

Güncelleme

2025-09-30 16:59:27

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-190 Sqlite MEDIUM Sqlite 2025

Referanslar

https://gist.github.com/ylwango613/d3883fb9f6ba8a78086356779ce88248 https://github.com/sqlite/sqlite/commit/56d2fd008b108109f489339f5fd55212bb50afd4 https://sqlite.org/forum/forumpost/48f365daec https://sqlite.org/releaselog/3_49_1.html https://www.sqlite.org/cves.html

Benzer Kayıtlar

Medium

CVE-2025-7458

An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attack…

High

CVE-2025-6965

There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the numbe…

Medium

CVE-2025-3277

An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used t…

Low

CVE-2025-29087

In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the en…