Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 : SQLite vulnerabilities (USN-7528-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7528-1 advisory. It was discovered that SQLite incorrectly handled the concatws function. An attacker could use this issue to caus...

AlmaLinux 9 : nodejs:22 (ALSA-2025:7433)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:7433 advisory. c-ares: c-ares has a use-after-free in readanswers CVE-2025-31498 SQLite: integer overflow in SQLite CVE-2025-3277 Tenable has extracted the preceding...

SUSE-SU-2025:20323-1 Security update for sqlite3

This update for sqlite3 fixes the following issues: - Update to release 3.49.1: Improve portability of makefiles and configure scripts. CVE-2025-29087, bsc1241020: Fix a bug in the concatws function, introduced in version 3.44.0, that could lead to a memory error if the separator string is very...

RHSA-2025:7517 Red Hat Security Advisory: sqlite security update

Bulletin has no description...

Alibaba Cloud Linux 3 : 0111: sqlite (ALINUX3-SA-2022:0111)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0111 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-13734: Out of bounds write in...

Alibaba Cloud Linux 3 : 0179: sqlite (ALINUX3-SA-2022:0179)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0179 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2020-35525: In SQlite 3.31.1, a...

Alibaba Cloud Linux 3 : 0016: sqlite (ALINUX3-SA-2023:0016)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2023:0016 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-35737: SQLite 1.0.12 through 3.39.x before...

Alibaba Cloud Linux 3 : 0018: sqlite (ALINUX3-SA-2024:0018)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0018 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-7104: A vulnerability was found in SQLite...

Alibaba Cloud Linux 3 : 0121: mingw packages (ALINUX3-SA-2022:0121)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0121 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-13734: Out of bounds write in...

SQLite: integer overflow in SQLite

A flaw was found in SQLite’s concatws function, where an integer overflow can be triggered. The resulting truncated integer can allocate a buffer. When SQLite writes the resulting string to the buffer, it uses the original, untruncated size, and a wild heap buffer overflow size of around 4GB can...

Important: Red Hat Security Advisory: sqlite security update

An update for sqlite is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

Important: Red Hat Security Advisory: nodejs:22 security update

An update for the nodejs:22 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

SQLite: integer overflow in SQLite

A flaw was found in SQLite’s concatws function, where an integer overflow can be triggered. The resulting truncated integer can allocate a buffer. When SQLite writes the resulting string to the buffer, it uses the original, untruncated size, and a wild heap buffer overflow size of around 4GB can...

Medium: nodejs22

Issue Overview: An issue in sqlite v.3.49.0 allows an attacker to cause a denial of service via the SQLITEDBCONFIGLOOKASIDE component CVE-2025-29088 Affected Packages: nodejs22 Issue Correction: Run dnf update nodejs22 --releasever 2023.7.20250512 to update your system. New Packages: aarch64: ...

Medium: nodejs22

Issue Overview: An issue in sqlite v.3.49.0 allows an attacker to cause a denial of service via the SQLITEDBCONFIGLOOKASIDE component CVE-2025-29088 Integer Overflow vulnerability in SQLite SQLite3 v.3.50.0 allows a remote attacker to cause a denial of service via the setupLookaside function...

Amazon Linux 2023 : lemon, sqlite, sqlite-analyzer (ALAS2023-2025-971)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-971 advisory. SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such ...

ALSA-2025:7433 Important: nodejs:22 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: c-ares: c-ares has a use-after-free in readanswers CVE-2025-31498 SQLite: integer overflow in SQLite CVE-2025-3277 For more details about the...

Important: sqlite

Issue Overview: SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE. CVE-2022-46908 Affected Packages: sqlite Issue Correction: Run dn...

ALSA-2025:7517 Important: sqlite security update

SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL databas...

Important: nodejs:22 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: c-ares: c-ares has a use-after-free in readanswers CVE-2025-31498 SQLite: integer overflow in SQLite CVE-2025-3277 For more details about the...