CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-29088
https://notcve.org/view.php?id=CVE-2025-29088
10 Apr 2025 — An issue in sqlite v.3.49.0 allows an attacker to cause a denial of service via the SQLITE_DBCONFIG_LOOKASIDE component In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect. • https://gist.github.com/ylwango613/d3883fb9f6ba8a78086356779ce88248 • CWE-190: Integer Overflow or Wraparound CWE-400: Uncontrolled Resource Consumption •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-29087
https://notcve.org/view.php?id=CVE-2025-29087
07 Apr 2025 — In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string (e.g., 2MB or more), an integer overflow occurs in calculating the size of the result buffer, and thus malloc may not allocate enough memory. • https://www.sqlite.org/cves.html • CWE-190: Integer Overflow or Wraparound •