VYPR

rpm package

suse/sqlite3&distro=SUSE Manager Proxy 4.3

pkg:rpm/suse/sqlite3&distro=SUSE%20Manager%20Proxy%204.3

Vulnerabilities (3)

  • CVE-2025-3277Apr 14, 2025
    affected < 3.49.1-150000.3.27.1fixed 3.49.1-150000.3.27.1

    An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of

  • CVE-2025-29088Apr 10, 2025
    affected < 3.49.1-150000.3.27.1fixed 3.49.1-150000.3.27.1

    In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect.

  • CVE-2025-29087Apr 7, 2025
    affected < 3.49.1-150000.3.27.1fixed 3.49.1-150000.3.27.1

    In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string (e.g., 2MB or more), an integer overflow occurs in calcu