VYPR

rpm package

suse/sqlite3&distro=SUSE Linux Enterprise Module for Basesystem 15 SP7

pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7

Vulnerabilities (8)

  • CVE-2026-11824HigJun 9, 2026
    affected < 3.53.2-150000.3.42.1fixed 3.53.2-150000.3.42.1

    SQLite before 3.53.2 contains a heap-based buffer overflow vulnerability in the FTS5 full-text search extension that allows attackers to cause a crash or execute arbitrary code by supplying a crafted database with malicious continuation page metadata specifying a szLeaf value sma

  • CVE-2026-11822HigJun 9, 2026
    affected < 3.53.2-150000.3.42.1fixed 3.53.2-150000.3.42.1

    SQLite before 3.53.2 contains memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause process crashes, memory exhaustion, or arbitrary code execution by supplying a crafted database with malformed FTS5 page data. Attackers can trigge

  • CVE-2025-70873HigMar 12, 2026
    affected < 3.51.3-150000.3.39.1fixed 3.51.3-150000.3.39.1

    An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.

  • CVE-2025-7709MedSep 8, 2025
    affected < 3.51.2-150000.3.36.1fixed 3.51.2-150000.3.36.1

    An integer overflow exists in the FTS5 https://sqlite.org/fts5.html  extension. It occurs when the size of an array of tombstone pointers is calculated and truncated into a 32-bit integer. A pointer to partially controlled data can then be written out of bounds.

  • CVE-2025-6965CriJul 15, 2025
    affected < 3.50.2-150000.3.33.1fixed 3.50.2-150000.3.33.1

    There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.

  • CVE-2025-3277Apr 14, 2025
    affected < 3.49.1-150000.3.27.1fixed 3.49.1-150000.3.27.1

    An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of

  • CVE-2025-29088Apr 10, 2025
    affected < 3.49.1-150000.3.27.1fixed 3.49.1-150000.3.27.1

    In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect.

  • CVE-2025-29087Apr 7, 2025
    affected < 3.49.1-150000.3.27.1fixed 3.49.1-150000.3.27.1

    In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string (e.g., 2MB or more), an integer overflow occurs in calcu