CVE-2025-3277

Medium CVSS: 6.9

An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.

Vendor

Sqlite

Product

Sqlite

CWE

CWE-122

Yayın Tarihi

2025-04-14 17:15:27

Güncelleme

2025-08-18 21:28:16

Source Identifier

cve-coordination@google.com

KEV Date Added

Kategoriler

CWE-122 Sqlite MEDIUM Sqlite 2025

Referanslar

https://sqlite.org/src/info/498e3f1cf57f164f

Benzer Kayıtlar

Medium

CVE-2025-7458

An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attack…

High

CVE-2025-6965

There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the numbe…

Medium

CVE-2025-29088

In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial…

Low

CVE-2025-29087

In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the en…