CVE-2025-6965: There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead…

high7.2CVSS 4.0

AVNACHATPPRLUINVCLVIHVALSCLSIHSALEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSNAUNRUVDRELUGreen

EXPLOIT

There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.

Affected

35 ranges· showing 25

Vendor	Product	Version range	Fixed in
apple	ios_18.6_and_ipados	—	—
apple	ios_26_and_ipados	—	—
apple	macos_sequoia	—	—
apple	macos_tahoe	—	—
apple	tvos	—	—
apple	tvos	—	—
apple	visionos	—	—
apple	visionos	—	—
apple	watchos	—	—
apple	watchos	—	—
debian	sqlite3	< sqlite3 3.40.1-2+deb12u2 (bookworm)	sqlite3 3.40.1-2+deb12u2 (bookworm)
ghost	sqlite3	>= 0 < 3.40.1-2+deb12u2	3.40.1-2+deb12u2
ghost	sqlite3	>= 0 < 3.46.1-7	3.46.1-7
ghost	sqlite3	>= 0 < 3.46.1-7	3.46.1-7
ghost	sqlite3	>= 0 < 3.8.2-1ubuntu2.2+esm5	3.8.2-1ubuntu2.2+esm5
ghost	sqlite3	>= 0 < 3.11.0-1ubuntu1.5+esm3	3.11.0-1ubuntu1.5+esm3
ghost	sqlite3	>= 0 < 3.22.0-1ubuntu0.7+esm2	3.22.0-1ubuntu0.7+esm2
ghost	sqlite3	>= 0 < 3.31.1-4ubuntu0.7+esm1	3.31.1-4ubuntu0.7+esm1
msrc	azl3_sqlite_3.44.0-2	—	—
msrc	cbl2_sqlite_3.39.2-3	—	—
msrc	cbl2_sqlite_3.39.2-4	—	—
msrc	windows_10_version_1607	—	—
msrc	windows_10_version_1809	—	—
msrc	windows_10_version_21h2	—	—
msrc	windows_10_version_22h2	—	—

CVSS provenance

nvdv4.07.2HIGHCVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green

osv7.2HIGH