
6 matches found

OSV
added 2026/03/26 10:38 a.m., 2 views

SUSE-SU-2026:1065-1 Security update for sqlite3

This update for sqlite3 fixes the following issues: Update sqlite3 to 3.51.3: - CVE-2025-7709: Integer Overflow in FTS5 Extension bsc1254670. - CVE-2025-70873: SQLite zipfile extension may disclose uninitialized heap memory during inflation bsc1259619. Changelog: Fix the WAL-reset database...

7.5 CVSS, 5.9 AI score, 0.00086 EPSS
Exploits: 1, References: 5
Tenable Nessus
added 2026/02/12 12:0 a.m., 2 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : sqlite3 (SUSE-SU-2026:0432-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0432-1 advisory. - Update to v3.51.2: - CVE-2025-7709: Fixed an integer overflow in the FTS5 extension. bsc1254670 Tenable...

6.9 CVSS, 5.9 AI score, 0.00086 EPSS
Exploits: 0, References: 5
SUSE CVE
added 2025/12/11 12:47 a.m., 4 views

SUSE CVE-2025-7709

An integer overflow exists in the FTS5 (https://sqlite.org/fts5.html) extension. It occurs when the size of an array of tombstone pointers is calculated and truncated into a 32-bit integer. A pointer to partially controlled data can then be written out of bounds...

5.4 CVSS, 6.8 AI score, 0.00086 EPSS
Exploits: 0, References: 11
Snyk
added 2025/12/02 6:39 a.m., 3 views

Regular Expression Denial of Service (ReDoS)

Overview: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the validatequery routine used for FTS5 query validation. The regular expression used to tokenize user-supplied search strings contains nested repetition, allowing crafted input to trigger...

6.9 CVSS, 6.6 AI score
Exploits: 0, References: 3
CVE
added 2025/09/08 2:51 p.m., 33 views

CVE-2025-7709

CVE-2025-7709 affects the SQLite FTS5 extension. The issue is an integer overflow when sizing an array of tombstone pointers, truncating a 64-bit size to 32-bit and enabling a write beyond allocated bounds to partially controlled data. Public records reference SQLite

6.9 CVSS, 6.6 AI score, 0.00086 EPSS
Exploits: 0, References: 3
OSV
added 2022/10/06 4:26 p.m., 2 views

CLSA-2022-1665073587 Fixed CVEs in sqlite: CVE-2020-35525, CVE-2021-20223

CVE-2021-20223: prevent fts5 tokenizer unicode61 from considering '\0' to be a token character, even if other characters of class "Cc" are. - CVE-2020-35525: fix a potential null pointer dereference...

7.5 CVSS, 6.8 AI score, 0.00219 EPSS
Exploits: 0, References: 1