Siemens SIMATIC S7-1500 Heap-based Buffer Overflow (CVE-2025-3277)

An integer overflow can be triggered in SQLite's 'concatws' function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size 4GB can be...

Siemens SIMATIC S7-1500 Integer Overflow or Wraparound (CVE-2025-29087)

In SQLite, the concatws SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string e.g., 2MB or more, an integer overflow occurs in calculating the size of the result buffer, and thus malloc may...

Linux Distros Unpatched Vulnerability : CVE-2025-3277

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer overflow can be triggered in SQLite's concatws function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes...

ROS-20250929-06

A vulnerability in the SQL concatws function of the SQLite database management system is related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of denial of service via the malloc parameter...

An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.

...

In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string (e.g., 2MB or more), an integer overflow occurs in calculating the size of the result buffer, and thus malloc may not allocate enough memory.

...

K000151645: SQLite vulnerability CVE-2025-3277

Security Advisory Description An integer overflow can be triggered in SQLite’s concatws function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer...

USN-7528-1 sqlite3 vulnerabilities

It was discovered that SQLite incorrectly handled the concatws function. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 24.04 LTS, and Ubuntu 24.10. CVE-2025-29087, CVE-2025-3277 It w...

Security update for sqlite3

This update for sqlite3 fixes the following issues: Update to release 3.49.1: Improve portability of makefiles and configure scripts. CVE-2025-29087, bsc1241020: Fix a bug in the concatws function, introduced in version 3.44.0, that could lead to a memory error if the separator string is very lar...

SUSE-SU-2025:20323-1 Security update for sqlite3

This update for sqlite3 fixes the following issues: - Update to release 3.49.1: Improve portability of makefiles and configure scripts. CVE-2025-29087, bsc1241020: Fix a bug in the concatws function, introduced in version 3.44.0, that could lead to a memory error if the separator string is very...

SQLite: integer overflow in SQLite

A flaw was found in SQLite’s concatws function, where an integer overflow can be triggered. The resulting truncated integer can allocate a buffer. When SQLite writes the resulting string to the buffer, it uses the original, untruncated size, and a wild heap buffer overflow size of around 4GB can...

SQLite: integer overflow in SQLite

A flaw was found in SQLite’s concatws function, where an integer overflow can be triggered. The resulting truncated integer can allocate a buffer. When SQLite writes the resulting string to the buffer, it uses the original, untruncated size, and a wild heap buffer overflow size of around 4GB can...

SQLite: integer overflow in SQLite

A flaw was found in SQLite’s concatws function, where an integer overflow can be triggered. The resulting truncated integer can allocate a buffer. When SQLite writes the resulting string to the buffer, it uses the original, untruncated size, and a wild heap buffer overflow size of around 4GB can...

BIT-SQLITE-2025-3277

An integer overflow can be triggered in SQLite’s concatws function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size 4GB can be...

SUSE CVE-2025-3277

An integer overflow can be triggered in SQLite's concatws function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size 4GB can be...

ALPINE-CVE-2025-3277

An integer overflow can be triggered in SQLite’s concatws function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size 4GB can be...

UBUNTU-CVE-2025-3277

An integer overflow can be triggered in SQLite’s concatws function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size 4GB can be...

CVE-2025-3277

An integer overflow can be triggered in SQLite’s concatws function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size 4GB can be...

CVE-2025-3277

An integer overflow can be triggered in SQLite’s concatws function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size 4GB can be...

CVE-2025-3277

SQLite CVE-2025-3277: An integer overflow in concat_ws() can cause a heap buffer overflow of ~4GB by using an untruncated original size to allocate and then write, potentially enabling arbitrary code execution. This is documented across multiple advisories (Debian, AlmaLinux, Fedora, AIX RPM advi...