CVE-2025-29087
Published 2025-04-07
Severity: high, 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string (e.g., 2MB or more), an integer overflow occurs in calculating the size of the result buffer, and thus malloc may not allocate enough memory.
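The class of bug described above, as an added sketch that is not SQLite's source code: a size calculation for a separator-joined string done in 32 bits, beside a widened and checked version. The function names, the 32-bit model, the `MAX_RESULT_BYTES` cap and the sample values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed upper bound on a result string for this sketch. */
#define MAX_RESULT_BYTES 1000000000ULL

/* Flawed pattern: the size is accumulated in 32 bits. uint32_t is used
 * so the wraparound is well defined here instead of undefined behaviour. */
uint32_t size_narrow(const uint32_t *arg_len, uint32_t n_arg, uint32_t sep_len)
{
    uint32_t total = (n_arg > 1 ? n_arg - 1 : 0) * sep_len; /* may wrap */
    for (uint32_t i = 0; i < n_arg; i++)
        total += arg_len[i];
    return total + 1; /* +1 for the terminating NUL */
}

/* Hardened pattern: widen before multiplying, check against a cap after
 * every step, and return -1 so the caller refuses instead of allocating. */
int64_t size_checked(const uint32_t *arg_len, uint32_t n_arg, uint32_t sep_len)
{
    uint64_t total = 1; /* terminating NUL */
    if (n_arg > 1)
        total += (uint64_t)(n_arg - 1) * sep_len; /* cannot wrap in 64 bits */
    if (total > MAX_RESULT_BYTES)
        return -1;
    for (uint32_t i = 0; i < n_arg; i++) {
        total += arg_len[i];
        if (total > MAX_RESULT_BYTES)
            return -1;
    }
    return (int64_t)total;
}

int main(void)
{
    /* Constructed input: 2049 one-byte arguments, 2 MiB separator. */
    static uint32_t lens[2049];
    for (int i = 0; i < 2049; i++)
        lens[i] = 1;
    uint32_t sep = 2u * 1024u * 1024u;
    printf("narrow size : %u bytes\n", (unsigned)size_narrow(lens, 2049, sep));
    printf("checked size: %lld\n", (long long)size_checked(lens, 2049, sep));
    return 0;
}
```

With the constructed input the narrow calculation yields a buffer size far smaller than the data that would be copied into it, which is the condition the description calls "malloc may not allocate enough memory"; the checked version rejects the request instead.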
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | sqlite3 | < sqlite3 3.46.1-3 (forky) | sqlite3 3.46.1-3 (forky) |
| ghost | sqlite3 | >= 0 < 3.46.1-3 | 3.46.1-3 |
| ghost | sqlite3 | >= 0 < 3.46.1-3 | 3.46.1-3 |
| ghost | sqlite3 | >= 0 < 3.31.1-4ubuntu0.7 | 3.31.1-4ubuntu0.7 |
| ghost | sqlite3 | >= 0 < 3.37.2-2ubuntu0.4 | 3.37.2-2ubuntu0.4 |
| ghost | sqlite3 | >= 0 < 3.45.1-1ubuntu2.3 | 3.45.1-1ubuntu2.3 |
| msrc | azl3_libdb_5.3.28-9_on_azure_linux_3.0 | — | — |
| msrc | azl3_sqlite_3.44.0-1_on_azure_linux_3.0 | — | — |
| msrc | cbl2_libdb_5.3.28-7_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_sqlite_3.39.2-3_on_cbl_mariner_2.0 | — | — |
| sqlite | sqlite | >= 3.44.0 < 3.49.1 | 3.49.1 |
CVSS provenance
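| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| osv | — | 7.5 | HIGH | — |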