The vulnerability of the SQLite database management system’s API library allows a hacker to cause a service failure or execute arbitrary code.

🗓️ 28 Oct 2022 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

SQLite API library flaw enables service failure or code execution via unvalidated array indexing in printf formats.

Reporter	Title	Published	Views	Family All 179
IBM Security Bulletins	Security Bulletin: IBM Security Verify Access Appliance has multiple security vulnerabilities	14 Oct 202305:03	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs	30 Mar 202315:19	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MQ Operator and Queue Manager container images are vulnerable to vulnerabilities from libksba and sqlite (CVE-2022-47629 and CVE-2022-35737)	17 Feb 202311:44	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities	7 Jun 202316:53	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities including remote code execution in Apache Commons Text 1.9	8 Dec 202204:10	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in SQLite (CVE-2022-35737)	31 Mar 202317:00	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar Use Case Manager app is vulnerable to using components with known vulnerabilities	15 Apr 202502:23	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to SQLite denial of service vulnerability( CVE-2022-35737)	6 Jul 202317:49	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.	30 Mar 202316:55	–	ibm
GithubExploit	Exploit for Improper Validation of Array Index in Sqlite	24 Oct 202215:36	–	githubexploit

Vulners

Node

hipp_wyrick_company sqliteRange1.0.12–3.39.2aurora

oracle communications_convergent_charging_controllerMatch6.0.1.0.0aurora

oracle communications_convergent_charging_controllerRange12.0.1.0.0–12.0.5.0.0aurora

oracle communications_network_charging_and_controlMatch6.0.1.0.0aurora

oracle communications_network_charging_and_controlRange12.0.1.0.0–12.0.5.0.0aurora

oracle mysql_workbenchRange≤8.0.30aurora

kramer_electronics kramer_viaMatch4.0.1.1328aurora

novell opensuse_leapMatch15.3

novell opensuse_leapMatch15.4

novell opensuse_leap_microMatch5.2

Source	Link
sqlite	www.sqlite.org/cves.html
security-tracker	www.security-tracker.debian.org/tracker/CVE-2022-35737
suse	www.suse.com/security/cve/CVE-2022-35737.html
oracle	www.oracle.com/security-alerts/cpuoct2022.html
wiki	www.wiki.astralinux.ru/astra-linux-se16-bulletin-20221220SE16
wiki	www.wiki.astralinux.ru/astra-linux-se17-bulletin-2022-1221SE17MD
xn--80ahaefyxhn	www.xn--80ahaefyxhn.xn--j1afgaq.xn--p1ai/bin/view/%D0%9E%D0%A1%D0%BD%D0%BE%D0%B2%D0%B0/%D0%9E%D0%B1%D0%BD%D0%BE%D0%B2%D0%BB%D0%B5%D0%BD%D0%B8%D1%8F/2.7/
wiki	www.wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0131SE47MD
redos	www.redos.red-soft.ru/support/secure/uyazvimosti/uyazvimost-sqlite-cve-2022-35737/
repo	www.repo.red-soft.ru/redos/7.3c/x86_64/updates/

05 Sep 2025 00:00Current

7.6High risk

Vulners AI Score7.6

CVSS 39.8

CVSS 210

EPSS0.11431