CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-6965 – Integer Truncation on SQLite
https://notcve.org/view.php?id=CVE-2025-6965
15 Jul 2025 — There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above. • https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 • CWE-197: Numeric Truncation Error •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3277 – SQLite: integer overflow in SQLite
https://notcve.org/view.php?id=CVE-2025-3277
14 Apr 2025 — An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution. A flaw was found in SQLite’s `concat_ws()` function, where an integer overflow can be triggered. • https://sqlite.org/src/info/498e3f1cf57f164f • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 1CVE-2023-7104 – SQLite SQLite3 make alltest sqlite3session.c sessionReadRecord heap-based overflow
https://notcve.org/view.php?id=CVE-2023-7104
25 Dec 2023 — A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999. • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 6%CPEs: 1EXPL: 1CVE-2021-31239 – Gentoo Linux Security Advisory 202311-03
https://notcve.org/view.php?id=CVE-2021-31239
09 May 2023 — An issue found in SQLite SQLite3 v.3.35.4 that allows a remote attacker to cause a denial of service via the appendvfs.c function. Multiple vulnerabilities have been discovered in SQLite, the worst of which may lead to code execution. Versions greater than or equal to 3.42.0 are affected. • https://github.com/Tsiming/Vulnerabilities/blob/main/SQLite/CVE-2021-31239 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 65%CPEs: 5EXPL: 3CVE-2022-35737 – sqlite: an array-bounds overflow if billions of bytes are used in a string argument to a C API
https://notcve.org/view.php?id=CVE-2022-35737
03 Aug 2022 — SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API. SQLite versiones 1.0.12 hasta 3.39.x anteriores a 3.39.2, permite a veces un desbordamiento de límites de matriz si son usados miles de millones de bytes en un argumento de cadena para una API de C An array-bounds overflow vulnerability was discovered in SQLite. The vulnerability occurs when handling an overly large input passed as a string argument to some of t... • https://github.com/gmh5225/CVE-2022-35737 • CWE-129: Improper Validation of Array Index •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2021-45346
https://notcve.org/view.php?id=CVE-2021-45346
14 Feb 2022 — A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information. NOTE: The developer disputes this as a vulnerability stating that If you give SQLite a corrupted database file and submit a query against the database, it might read parts of the database that yo... • https://github.com/guyinatuxedo/sqlite3_record_leaking • CWE-401: Missing Release of Memory after Effective Lifetime •