SQLite 3.44.0 < 3.49.1 Multiple Vulnerabilities
The version of SQLite installed on the remote host is 3.44.0 through 3.49.0 before 3.49.1. It is, therefore, affected by multiple vulnerabilities: - In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the end of a malloc-allocated buffer...
Amazon Linux 2023 : lemon, sqlite, sqlite-analyzer (ALAS2023-2023-264)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-264 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASL_MIN_LEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks ...
Astra Linux – Vulnerability in SQLite3
In SQLite 3.49.0 before 3.49.1, certain argument values passed to sqlite3_db_config() in the C-language API can cause a denial of service (application crash). A sz*nBig multiplication is not cast to a 64-bit integer, which can lead to incorrect memory allocations...
TencentOS Server 4: sqlite (TSSA-2025:0063)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0063 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
TencentOS Server 3: sqlite (TSSA-2023:0007)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0007 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
TencentOS Server 3: sqlite (TSSA-2022:0173)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0173 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
TencentOS Server 3: sqlite (TSSA-2022:0111)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0111 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Photon OS 4.0: Sqlite PHSA-2025-4.0-0790
An update of the sqlite package has been released. %NASL_MIN_LEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0790. The text itself is copyright (C) VMware, Inc. include('compat.inc'); if (description)...
The vulnerability of the sqlite3_db_config() function in the sqlite3.c file of the SQLite database management system allows an attacker to cause a service failure.
The vulnerability of the sqlite3_db_config() function in the sqlite3.c file of the SQLite database management system is related to integer overflow. Exploiting this vulnerability could allow an attacker to cause a service failure through the sz*nBig parameter...
The vulnerability of the SQL concat_ws() function in the SQLite database management system, allowing a hacker to cause a service failure
The vulnerability of the SQL concat_ws() function in the SQLite database management system is related to integer overflow. Exploiting this vulnerability could allow an attacker to cause a service failure through the malloc parameter...
Oracle Linux 8 : nodejs:22 (ELSA-2025-8506)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-8506 advisory. - Update to 22.16.0 Fixes: CVE-2025-23166 - Patch fix for sqlite CVE-2025-31498 Resolves: RHEL-87300 - Update c-ares to newest version with fix for CVE-2025-314...
RHEL 10 : sqlite (RHSA-2025:7517)
The remote Red Hat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:7517 advisory. SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk...
Deno has --allow-read / --allow-write permission bypass in `node:sqlite`
Summary: It is possible to bypass Deno's read/write permission checks by using the ATTACH DATABASE statement. PoC (poc.js): import { DatabaseSync } from "node:sqlite"; const db = new DatabaseSync(":memory:"); db.exec("ATTACH DATABASE 'test.db' as test;"); db.exec("CREATE TABLE test.test (id INTEGER PRIMARY KE...
GHSA-8VXJ-4CPH-C596 Deno has --allow-read / --allow-write permission bypass in `node:sqlite`
Summary: It is possible to bypass Deno's read/write permission checks by using the ATTACH DATABASE statement. PoC (poc.js): import { DatabaseSync } from "node:sqlite"; const db = new DatabaseSync(":memory:"); db.exec("ATTACH DATABASE 'test.db' as test;"); db.exec("CREATE TABLE test.test (id INTEGER PRIMARY KE...
CVE-2025-48935 Deno has --allow-read / --allow-write permission bypass in `node:sqlite`
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 2.2.0 and prior to version 2.2.5, it is possible to bypass Deno's read/write database permission check by using the ATTACH DATABASE statement. Version 2.2.5 contains a patch for the issue...
--allow-read / --allow-write permission bypass in `node:sqlite`
It is possible to bypass Deno's read/write permission checks by using the ATTACH DATABASE statement. PoC (poc.js): import { DatabaseSync } from "node:sqlite"; const db = new DatabaseSync(":memory:"); db.exec("ATTACH DATABASE 'test.db' as test;"); db.exec("CREATE TABLE test.test (id INTEGER PRIMARY KEY, name...
RUSTSEC-2025-0138 --allow-read / --allow-write permission bypass in `node:sqlite`
It is possible to bypass Deno's read/write permission checks by using the ATTACH DATABASE statement. PoC (poc.js): import { DatabaseSync } from "node:sqlite"; const db = new DatabaseSync(":memory:"); db.exec("ATTACH DATABASE 'test.db' as test;"); db.exec("CREATE TABLE test.test (id INTEGER PRIMARY KEY, name...
K000151645: SQLite vulnerability CVE-2025-3277
Security Advisory Description: An integer overflow can be triggered in SQLite’s concat_ws() function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer...
Security update for sqlite3
This update for sqlite3 fixes the following issues: CVE-2025-29087, CVE-2025-3277: Fixed integer overflow in sqlite concat function (bsc#1241020); CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078). Other fixes: Updated to version 3.49.1 from Factory...