15 matches found
K000151645: SQLite vulnerability CVE-2025-3277
Security Advisory Description An integer overflow can be triggered in SQLite’s concatws function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer...
SUSE-SU-2025:20323-1 Security update for sqlite3
This update for sqlite3 fixes the following issues: - Update to release 3.49.1: Improve portability of makefiles and configure scripts. CVE-2025-29087, bsc1241020: Fix a bug in the concatws function, introduced in version 3.44.0, that could lead to a memory error if the separator string is very...
SQLite: integer overflow in SQLite
A flaw was found in SQLite’s concatws function, where an integer overflow can be triggered. The resulting truncated integer can allocate a buffer. When SQLite writes the resulting string to the buffer, it uses the original, untruncated size, and a wild heap buffer overflow size of around 4GB can...
BIT-SQLITE-2025-3277
An integer overflow can be triggered in SQLite’s concatws function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size 4GB can be...
CVE-2025-3277
An integer overflow can be triggered in SQLite’s concatws function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size 4GB can be...
CVE-2025-3277
SQLite CVE-2025-3277: An integer overflow in concat_ws() can cause a heap buffer overflow of ~4GB by using an untruncated original size to allocate and then write, potentially enabling arbitrary code execution. This is documented across multiple advisories (Debian, AlmaLinux, Fedora, AIX RPM advi...
CVE-2025-3277
An integer overflow can be triggered in SQLite’s concatws function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size 4GB can be...
sqlite -- integer overflow
[email protected] reports: An integer overflow can be triggered in SQLites concatws function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffe...
SUSE CVE-2025-29087
In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concatws SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string e.g., 2MB or more, an integer overflow occurs in calculating the size of the...
UBUNTU-CVE-2025-29087
In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concatws SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string e.g., 2MB or more, an integer overflow occurs in calculating the size of the...
CVE-2025-29087
In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concatws SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string e.g., 2MB or more, an integer overflow occurs in calculating the size of the...
sqlite -- integer overflow
[email protected] reports: In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concatws SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string e.g., 2MB or more, an integer overflow occurs in...
SQLite report about CVE-2025-29087
Duplicate of CVE-2025-3277...
SQLite report about CVE-2025-3277
A bug in the concatws SQL function can cause a write past the end of an array obtained from malloc. If an attacker can control the first argument to concatws, so that the separator string is large - more than 2MB - then an integer overflow in the calculation of the size of the result buffer might...
PHPhotoalbum 0.5 Multiple Remote SQL Injection Vulnerabilities
Exploit for unknown platform in category web applications ============================================================== PHPhotoalbum 0.5 Multiple Remote SQL Injection Vulnerabilities ============================================================== Name : PHPhotoalbum v0.5 Multiple Remote SQL...