411 matches found

OSV
added 2025/04/11 7:26 p.m., 12 views

BIT-SQLITE-2025-29087

In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string (e.g., 2MB or more), an integer overflow occurs in calculating the size of the...

CVSS 7.5, AI score 4.4, EPSS 0.00072
Exploits 0, References 5
Snyk
added 2025/04/10 2:42 p.m., 2 views

Integer Overflow or Wraparound

Overview: Affected versions of this package are vulnerable to Integer Overflow or Wraparound through the SQLITE_DBCONFIG_LOOKASIDE interface. An attacker can disrupt service by supplying inputs with out-of-bounds arguments to sqlite3_db_config. Remediation: Upgrade sqlite3 to version 3.49.1 or higher...

CVSS 8.7, AI score 7, EPSS 0.00039
Exploits 0, References 2
NVD
added 2025/04/10 2:15 p.m., 9 views

CVE-2025-29088

In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config in the C-language API can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect...

CVSS 5.6, EPSS 0.00039
Exploits 0, References 5
Cvelist
added 2025/04/10 12:00 a.m., 10 views

CVE-2025-29088

In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config in the C-language API can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect...

CVSS 5.6, EPSS 0.00039
Exploits 0, References 5
CVE
added 2025/04/10 12:00 a.m., 161 views

CVE-2025-29088

Technical details for CVE-2025-29088 are not publicly available in the provided documents. The connected Astra Linux entry contains a rejection/duplicate note and omits specifics. Monitor for official disclosures or vendor advisories to obtain exact affected products, versions, and fixes.

CVSS 5.6, AI score 6.2, EPSS 0.00039
Exploits 0, References 5, Affected Software 1
Debian CVE
added 2025/04/10 12:00 a.m., 13 views

CVE-2025-29088

In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config in the C-language API can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect...

CVSS 5.6, AI score 5.5, EPSS 0.00039
Exploits 0
Vulnrichment
added 2025/04/10 12:00 a.m., 9 views

CVE-2025-29088

In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config in the C-language API can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect...

CVSS 5.6, AI score 6.2, EPSS 0.00039
Exploits 0, References 5
CNNVD
added 2025/04/10 12:00 a.m., 1 view

SQLite Input Validation Error Vulnerability

SQLite is a lightweight, ACID-compliant relational database management system from the open-source SQLite project. A security vulnerability exists in SQLite version 3.49.0 that stems from an issue with the SQLITE_DBCONFIG_LOOKASIDE component that could lead to a denial of service...

CVSS 5.6, AI score 5.7, EPSS 0.00039
Exploits 0, References 6
RedhatCVE
added 2025/04/09 2:37 a.m., 9 views

CVE-2025-29087

A flaw was found in SQLite. This vulnerability allows an attacker to cause an integer overflow via the concat_ws function. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and...

CVSS 5.5, AI score 9.3, EPSS 0.00072
Exploits 0, References 4
OSV
added 2025/04/07 8:15 p.m., 19 views

CVE-2025-29087

In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string (e.g., 2MB or more), an integer overflow occurs in calculating the size of the...

CVSS 7.5, AI score 4.4
Exploits 0, References 3
CVE
added 2025/04/07 12:00 a.m., 133 views

CVE-2025-29087

CVE-2025-29087 concerns SQLite: concat_ws() can write beyond the end of a malloc’d buffer in versions 3.44.0–3.49.0 when a large, attacker-controlled separator is supplied, triggering an integer overflow while sizing the result buffer. This may lead to memory corruption or a crash. A fix is avail...

CVSS 7.5, AI score 6.9, EPSS 0.00072
Exploits 0, References 3, Affected Software 1
CNNVD
added 2025/04/07 12:00 a.m., 1 view

SQLite Security Vulnerability

SQLite is a lightweight, ACID-compliant relational database management system from the open-source SQLite project. A security vulnerability exists in SQLite version 3.49.0, which stems from a concat function that could lead to an integer overflow...

CVSS 7.5, AI score 6.4, EPSS 0.00072
Exploits 0, References 3
Debian CVE
added 2025/04/07 12:00 a.m., 8 views

CVE-2025-29087

In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string (e.g., 2MB or more), an integer overflow occurs in calculating the size of the...

CVSS 7.5, AI score 5.9, EPSS 0.00072
Exploits 0
AlpineLinux
added 2025/04/07 12:00 a.m., 32 views

CVE-2025-29087

In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string (e.g., 2MB or more), an integer overflow occurs in calculating the size of the...

CVSS 7.5, AI score 7.7, EPSS 0.00072
Exploits 0
FreeBSD
added 2025/04/07 12:00 a.m., 9 views

sqlite -- integer overflow

[email protected] reports: In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string (e.g., 2MB or more), an integer overflow occurs in...

CVSS 7.5, AI score 7.7, EPSS 0.00072
Exploits 0, References 1
Redos
added 2025/04/03 12:00 a.m., 9 views

ROS-20250403-03

A vulnerability in the SQLite hints and ETRN serialization functions of the Exim mail server is related to a failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service by sendi...

CVSS 9.8, AI score 7.7, EPSS 0.77997
Exploits 6
Tenable Nessus
added 2025/03/04 12:00 a.m., 13 views

Linux Distros Unpatched Vulnerability : CVE-2019-20218

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error. CVE-2019-20218 Note that Nessus relies on the presenc...

CVSS 7.5, AI score 6.7, EPSS 0.00402
Exploits 0, References 2
Tenable Nessus
added 2025/03/04 12:00 a.m., 12 views

Linux Distros Unpatched Vulnerability : CVE-2020-13631

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. CVE-2020-13631 Note that Ness...

CVSS 5.5, AI score 6.5, EPSS 0.00077
Exploits 0, References 3
Positive Technologies
added 2025/02/18 12:00 a.m., 2 views

PT-2025-15279

Name of the Vulnerable Software and Affected Versions: SQLite version 3.49.0. Description: The issue is related to an integer overflow in the concat function. Recommendations: For SQLite version 3.49.0, at the moment, there is no information about a newer version that contains a fix for this...

CVSS 9.8, AI score 7.2, EPSS 0.00107
Exploits 0, References 67
Positive Technologies
added 2025/02/15 12:00 a.m., 2 views

PT-2025-16260

Name of the Vulnerable Software and Affected Versions: SQLite (affected versions not specified). Description: An integer overflow can be triggered in SQLite's concat_ws function, leading to a heap buffer overflow of size 4GB, which can result in arbitrary code execution. This occurs because the...

CVSS 9.8, AI score 8.1, EPSS 0.00651
Exploits 0, References 48