CVE-2025-7458 — Integer Overflow or Wraparound in Sqlite

CWE-190 — Integer Overflow or Wraparound7 documents7 sources

Severity

6.9MEDIUMNVD

EPSS

0.1%

top 75.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sqlite Ghost Sqlite3

Timeline

PublishedJul 29

Description

An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attacker with the ability to execute arbitrary SQL statements to cause a denial of service or disclose sensitive information from process memory via a crafted SELECT statement with a large number of expressions in the ORDER BY clause.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages3 packages

▶CVEListV5sqlite/sqlite3.39.2 — 3.41.2

▶NVDsqlite/sqlite3.39.2 — 3.41.2

▶Debianghost/sqlite3< 3.42.0-1+1

Patches

Patch: sqlite.org ↗

🔴Vulnerability Details

OSV

CVE-2025-7458: An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3↗2025-07-29

▶

CVEList

SQLite integer overflow in key info allocation may lead to information disclosure.↗2025-07-29

▶

GHSA

GHSA-h2g7-95mc-8g48: An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3↗2025-07-29

▶

📋Vendor Advisories

Red Hat

sqlite: SQLite integer overflow↗2025-07-29

▶

Microsoft

SQLite integer overflow in key info allocation may lead to information disclosure.↗2025-07-08

▶

Debian

CVE-2025-7458: sqlite3 - An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite version...↗2025

▶