Siemens SIMATIC S7-1500 Heap-based Buffer Overflow (CVE-2025-3277)

An integer overflow can be triggered in SQLite's 'concatws' function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size 4GB can be...

Siemens SIMATIC S7-1500 Integer Overflow or Wraparound (CVE-2025-29087)

In SQLite, the concatws SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string e.g., 2MB or more, an integer overflow occurs in calculating the size of the result buffer, and thus malloc may...

Linux Distros Unpatched Vulnerability : CVE-2025-3277

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer overflow can be triggered in SQLite's concatws function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes...

ROS-20250929-06

A vulnerability in the SQL concatws function of the SQLite database management system is related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of denial of service via the malloc parameter...

An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.

...

In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string (e.g., 2MB or more), an integer overflow occurs in calculating the size of the result buffer, and thus malloc may not allocate enough memory.

...

The vulnerability of the SQL concat_ws() function in the SQLite database management system, allowing a hacker to cause a service failure

The vulnerability of the SQL concatws function in the SQLite database management system is related to integer overflow. Exploiting this vulnerability could allow an attacker to cause a service failure through the malloc parameter...

K000151645: SQLite vulnerability CVE-2025-3277

Security Advisory Description An integer overflow can be triggered in SQLite’s concatws function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer...

USN-7528-1 sqlite3 vulnerabilities

It was discovered that SQLite incorrectly handled the concatws function. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 24.04 LTS, and Ubuntu 24.10. CVE-2025-29087, CVE-2025-3277 It w...

Security update for sqlite3

This update for sqlite3 fixes the following issues: Update to release 3.49.1: Improve portability of makefiles and configure scripts. CVE-2025-29087, bsc1241020: Fix a bug in the concatws function, introduced in version 3.44.0, that could lead to a memory error if the separator string is very lar...

SUSE-SU-2025:20323-1 Security update for sqlite3

This update for sqlite3 fixes the following issues: - Update to release 3.49.1: Improve portability of makefiles and configure scripts. CVE-2025-29087, bsc1241020: Fix a bug in the concatws function, introduced in version 3.44.0, that could lead to a memory error if the separator string is very...

SQLite: integer overflow in SQLite

A flaw was found in SQLite’s concatws function, where an integer overflow can be triggered. The resulting truncated integer can allocate a buffer. When SQLite writes the resulting string to the buffer, it uses the original, untruncated size, and a wild heap buffer overflow size of around 4GB can...

SQLite: integer overflow in SQLite

A flaw was found in SQLite’s concatws function, where an integer overflow can be triggered. The resulting truncated integer can allocate a buffer. When SQLite writes the resulting string to the buffer, it uses the original, untruncated size, and a wild heap buffer overflow size of around 4GB can...

SQLite: integer overflow in SQLite

A flaw was found in SQLite’s concatws function, where an integer overflow can be triggered. The resulting truncated integer can allocate a buffer. When SQLite writes the resulting string to the buffer, it uses the original, untruncated size, and a wild heap buffer overflow size of around 4GB can...

BIT-SQLITE-2025-3277

An integer overflow can be triggered in SQLite’s concatws function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size 4GB can be...

SUSE CVE-2025-3277

An integer overflow can be triggered in SQLite's concatws function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size 4GB can be...

ALPINE-CVE-2025-3277

An integer overflow can be triggered in SQLite’s concatws function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size 4GB can be...

UBUNTU-CVE-2025-3277

An integer overflow can be triggered in SQLite’s concatws function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size 4GB can be...

CVE-2025-3277

SQLite CVE-2025-3277: An integer overflow in concat_ws() can cause a heap buffer overflow of ~4GB by using an untruncated original size to allocate and then write, potentially enabling arbitrary code execution. This is documented across multiple advisories (Debian, AlmaLinux, Fedora, AIX RPM advi...

CVE-2025-3277

An integer overflow can be triggered in SQLite’s concatws function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size 4GB can be...