VYPR
High severity 7.8 · NVD Advisory · Published Jun 9, 2026

CVE-2026-11822

Description

SQLite's FTS5 extension has memory corruption flaws allowing crashes, exhaustion, or RCE via crafted databases and MATCH queries.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

SQLite versions prior to 3.53.2 contain memory corruption vulnerabilities in the FTS5 full-text search extension [1]. The issues are an out-of-bounds read in fts5LeafSeek(), triggered by an attacker-controlled loop bound, and a heap buffer overflow write in fts5ChunkIterate(), caused by an integer underflow from a malformed continuation page [4].

Exploitation

An attacker can exploit these vulnerabilities by supplying a crafted database containing malformed FTS5 page data. The vulnerability is triggered when an FTS5 MATCH query is executed against this malicious database. No specific authentication or network position requirements are mentioned, implying local or remote exploitation is possible if a database can be supplied [4].

Impact

Successful exploitation of these vulnerabilities can lead to process crashes, memory exhaustion, or arbitrary code execution. The scope of the compromise would be limited to the privileges of the SQLite process itself [4].

Mitigation

SQLite version 3.53.2, released on 2026-06-03, addresses these vulnerabilities [1]. Users are advised to upgrade to this version or later. No workarounds are mentioned in the available references, and the vulnerability is not listed as being actively exploited in the wild [4].
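
To check whether a given Python process meets the conditions the advisory describes, the following added example (not part of the advisory or the SQLite project) compares the linked SQLite library against 3.53.2, checks whether FTS5 is compiled in, and lists FTS5 tables declared in a database file without running a MATCH query. The function names are hypothetical; the version threshold is the one stated above.

```python
import re
import sqlite3
from pathlib import Path

FIXED = (3, 53, 2)  # first fixed release, per the advisory text
# Matches DDL such as: CREATE VIRTUAL TABLE docs USING fts5(body)
_FTS5_DDL = re.compile(r"^\s*CREATE\s+VIRTUAL\s+TABLE\b.*?\bUSING\s+fts5\b",
                       re.I | re.S)


def is_fts5_ddl(sql):
    """True if a sqlite_master.sql entry declares an FTS5 virtual table."""
    return bool(sql) and _FTS5_DDL.match(sql) is not None


def is_exposed(version, fts5_compiled):
    """Exposed means: library older than the fix AND FTS5 compiled in."""
    return bool(fts5_compiled) and tuple(version) < FIXED


def runtime_status(conn):
    """Describe the SQLite library this process is actually linked against."""
    opts = {row[0] for row in conn.execute("PRAGMA compile_options")}
    fts5 = "ENABLE_FTS5" in opts
    version = sqlite3.sqlite_version_info
    return {"version": version, "fts5": fts5,
            "exposed": is_exposed(version, fts5)}


def fts5_tables(path):
    """List FTS5 tables declared in a database file.

    Uses a read-only connection and reads only the schema table; it never
    runs a MATCH query, which is the trigger the advisory describes.
    """
    uri = Path(path).resolve().as_uri() + "?mode=ro"
    conn = sqlite3.connect(uri, uri=True)
    try:
        rows = conn.execute(
            "SELECT name, sql FROM sqlite_master WHERE type = 'table'"
        ).fetchall()
    finally:
        conn.close()
    return [name for name, sql in rows if is_fts5_ddl(sql)]


if __name__ == "__main__":
    with sqlite3.connect(":memory:") as conn:
        print(runtime_status(conn))
```

`PRAGMA compile_options` reflects only what was compiled into the library, so an FTS5 module loaded at run time as an extension would not appear in this check.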

AI Insight generated on Jun 9, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Vulnerability mechanics

Root cause

"The FTS5 extension in SQLite does not properly validate data in crafted continuation pages, leading to memory corruption."

Attack vector

An attacker can supply a malicious database file containing malformed FTS5 page data. When an FTS5 MATCH query is executed against this database, the vulnerability can be triggered. This may lead to process crashes, memory exhaustion, or arbitrary code execution [ref_id=1]. The vulnerability is triggered by an out-of-bounds read in fts5LeafSeek() and a heap buffer overflow write in fts5ChunkIterate() [ref_id=1].

Affected code

The vulnerability resides in the FTS5 full-text search extension, specifically within the `fts5_index.c` file [ref_id=1, ref_id=2]. The functions `fts5LeafSeek()` and `fts5ChunkIterate()` are involved in the exploitation path.

What the fix does

The patch addresses potential buffer overwrites within the FTS5 extension when processing corrupt records [ref_id=1, ref_id=2]. Specifically, it adds checks to prevent memory corruption that could occur due to malformed continuation pages, thereby mitigating the risk of crashes or arbitrary code execution.

Preconditions

  • Input: The attacker must provide a crafted database with malformed FTS5 page data.
  • Input: An FTS5 MATCH query must be executed against the malicious database.

Generated on Jun 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

4
