CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3277 – SQLite: integer overflow in SQLite
https://notcve.org/view.php?id=CVE-2025-3277
14 Apr 2025 — An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution. A flaw was found in SQLite’s `concat_ws()` function, where an integer overflow can be triggered. • https://sqlite.org/src/info/498e3f1cf57f164f • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-29088 – Ubuntu Security Notice USN-7528-1
https://notcve.org/view.php?id=CVE-2025-29088
10 Apr 2025 — An issue in sqlite v.3.49.0 allows an attacker to cause a denial of service via the SQLITE_DBCONFIG_LOOKASIDE component In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect. It was discovered that SQLite incorrectly handled the concat_ws function. An attacker could use this issue to cause SQLite... • https://gist.github.com/ylwango613/d3883fb9f6ba8a78086356779ce88248 • CWE-190: Integer Overflow or Wraparound CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-29087 – Ubuntu Security Notice USN-7528-1
https://notcve.org/view.php?id=CVE-2025-29087
07 Apr 2025 — In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string (e.g., 2MB or more), an integer overflow occurs in calculating the size of the result buffer, and thus malloc may not allocate enough memory. It was discovered that SQLite incorrectly handled the concat_ws function. An attacker could use this issue to cause SQLite to crash, resulting in ... • https://www.sqlite.org/cves.html • CWE-190: Integer Overflow or Wraparound •