CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-7458 – SQLite integer overflow in key info allocation may lead to information disclosure.
https://notcve.org/view.php?id=CVE-2025-7458
29 Jul 2025 — An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attacker with the ability to execute arbitrary SQL statements to cause a denial of service or disclose sensitive information from process memory via a crafted SELECT statement with a large number of expressions in the ORDER BY clause. Un desbordamiento de entero en la función sqlite3KeyInfoFromExprList en las versiones 3.39.2 a 3.41.1 de SQLite permite a un atacante con la capacidad de ejecutar ... • https://sqlite.org/forum/forumpost/16ce2bb7a639e29b • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-6965 – Integer Truncation on SQLite
https://notcve.org/view.php?id=CVE-2025-6965
15 Jul 2025 — There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above. A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. • https://github.com/mariaecgzv/CVE-2025-6965- • CWE-197: Numeric Truncation Error •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3277 – SQLite: integer overflow in SQLite
https://notcve.org/view.php?id=CVE-2025-3277
14 Apr 2025 — An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution. A flaw was found in SQLite’s `concat_ws()` function, where an integer overflow can be triggered. • https://sqlite.org/src/info/498e3f1cf57f164f • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 1CVE-2023-7104 – SQLite SQLite3 make alltest sqlite3session.c sessionReadRecord heap-based overflow
https://notcve.org/view.php?id=CVE-2023-7104
25 Dec 2023 — A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999. • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 2CVE-2022-46908 – Gentoo Linux Security Advisory 202311-03
https://notcve.org/view.php?id=CVE-2022-46908
12 Dec 2022 — SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE. SQLite hasta 3.40.0, cuando depende de --safe para la ejecución de un script CLI que no es de confianza, no implementa correctamente el mecanismo de protección azProhibitedFunctions y, en su lugar, permite funciones UDF como WRITEFILE. It was discovered that SQLite incorrectly handled certain pr... • https://news.ycombinator.com/item?id=33948588 •
CVSS: 7.8EPSS: 64%CPEs: 5EXPL: 3CVE-2022-35737 – sqlite: an array-bounds overflow if billions of bytes are used in a string argument to a C API
https://notcve.org/view.php?id=CVE-2022-35737
03 Aug 2022 — SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API. SQLite versiones 1.0.12 hasta 3.39.x anteriores a 3.39.2, permite a veces un desbordamiento de límites de matriz si son usados miles de millones de bytes en un argumento de cadena para una API de C An array-bounds overflow vulnerability was discovered in SQLite. The vulnerability occurs when handling an overly large input passed as a string argument to some of t... • https://github.com/gmh5225/CVE-2022-35737 • CWE-129: Improper Validation of Array Index •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2021-45346
https://notcve.org/view.php?id=CVE-2021-45346
14 Feb 2022 — A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information. NOTE: The developer disputes this as a vulnerability stating that If you give SQLite a corrupted database file and submit a query against the database, it might read parts of the database that yo... • https://github.com/guyinatuxedo/sqlite3_record_leaking • CWE-401: Missing Release of Memory after Effective Lifetime •