CVE-2025-7458

Medium CVSS: 6.9

An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attacker with the ability to execute arbitrary SQL statements to cause a denial of service or disclose sensitive information from process memory via a crafted SELECT statement with a large number of expressions in the ORDER BY clause.

Vendor

Sqlite

Product

Sqlite

CWE

CWE-190

Yayın Tarihi

2025-07-29 13:15:28

Güncelleme

2025-08-11 19:11:30

Source Identifier

cve-coordination@google.com

KEV Date Added

Kategoriler

CWE-190 Sqlite MEDIUM Sqlite 2025

Referanslar

https://sqlite.org/forum/forumpost/16ce2bb7a639e29b https://sqlite.org/src/info/12ad822d9b827777

Benzer Kayıtlar

High

CVE-2025-6965

There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the numbe…

Medium

CVE-2025-3277

An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used t…

Medium

CVE-2025-29088

In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial…

Low

CVE-2025-29087

In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the en…