rpm package
suse/sqlite3&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP3
pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-6965 | Cri | 9.8 | < 3.50.2-150000.3.33.1 | 3.50.2-150000.3.33.1 | Jul 15, 2025 | There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above. | |
| CVE-2025-3277 | — | < 3.49.1-150000.3.27.1 | 3.49.1-150000.3.27.1 | Apr 14, 2025 | An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of | ||
| CVE-2025-29088 | — | < 3.49.1-150000.3.27.1 | 3.49.1-150000.3.27.1 | Apr 10, 2025 | In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect. | ||
| CVE-2025-29087 | — | < 3.49.1-150000.3.27.1 | 3.49.1-150000.3.27.1 | Apr 7, 2025 | In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string (e.g., 2MB or more), an integer overflow occurs in calcu | ||
| CVE-2023-2137 | — | < 3.44.0-150000.3.23.1 | 3.44.0-150000.3.23.1 | Apr 19, 2023 | Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2022-46908 | — | < 3.39.3-150000.3.20.1 | 3.39.3-150000.3.20.1 | Dec 12, 2022 | SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE. |
- affected < 3.50.2-150000.3.33.1fixed 3.50.2-150000.3.33.1
There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.
- CVE-2025-3277Apr 14, 2025affected < 3.49.1-150000.3.27.1fixed 3.49.1-150000.3.27.1
An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of
- CVE-2025-29088Apr 10, 2025affected < 3.49.1-150000.3.27.1fixed 3.49.1-150000.3.27.1
In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect.
- CVE-2025-29087Apr 7, 2025affected < 3.49.1-150000.3.27.1fixed 3.49.1-150000.3.27.1
In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string (e.g., 2MB or more), an integer overflow occurs in calcu
- CVE-2023-2137Apr 19, 2023affected < 3.44.0-150000.3.23.1fixed 3.44.0-150000.3.23.1
Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2022-46908Dec 12, 2022affected < 3.39.3-150000.3.20.1fixed 3.39.3-150000.3.20.1
SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.