CVE-2025-29088
Published 2025-04-10
Medium, 5.5 (CVSS 3.1)
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | sqlite3 | < sqlite3 3.46.1-4 (forky) | sqlite3 3.46.1-4 (forky) |
| ghost | sqlite3 | >= 0 < 3.46.1-4 | 3.46.1-4 |
| ghost | sqlite3 | >= 0 < 3.46.1-4 | 3.46.1-4 |
| ghost | sqlite3 | >= 0 < 3.31.1-4ubuntu0.7 | 3.31.1-4ubuntu0.7 |
| ghost | sqlite3 | >= 0 < 3.37.2-2ubuntu0.4 | 3.37.2-2ubuntu0.4 |
| ghost | sqlite3 | >= 0 < 3.45.1-1ubuntu2.3 | 3.45.1-1ubuntu2.3 |
| ghost | sqlite3 | >= 0 < 3.8.2-1ubuntu2.2+esm5 | 3.8.2-1ubuntu2.2+esm5 |
| ghost | sqlite3 | >= 0 < 3.11.0-1ubuntu1.5+esm3 | 3.11.0-1ubuntu1.5+esm3 |
| ghost | sqlite3 | >= 0 < 3.22.0-1ubuntu0.7+esm2 | 3.22.0-1ubuntu0.7+esm2 |
| ghost | sqlite3 | >= 0 < 3.31.1-4ubuntu0.7+esm1 | 3.31.1-4ubuntu0.7+esm1 |
| sqlite | sqlite | — | — |
| sqlite | sqlite | >= 3.49.0 < 3.49.1 | 3.49.1 |
CVSS provenance
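| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| osv | — | 7.5 | HIGH | — |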