CVE-2025-3277

Name
CVE-2025-3277
Description
An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
cve-coordination@google.com https://sqlite.org/src/info/498e3f1cf57f164f

Match rules

CPE URI Source package Min version Max version
concat-ws() == < 3.49.1 == < 3.49.1
cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:* sqlite >= None < 3.49.1
cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:* sqlite >= 3.44.0 < 3.49.1

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
sqlite edge-main 3.49.0-r1 Celeste <cielesti@protonmail.com> possibly vulnerable
sqlite edge-main 3.49.0-r0 Celeste <cielesti@protonmail.com> possibly vulnerable
sqlite edge-main 3.48.0-r1 Celeste <cielesti@protonmail.com> possibly vulnerable
sqlite edge-main 3.48.0-r0 Celeste <cielesti@protonmail.com> possibly vulnerable
sqlite edge-main 3.47.2-r0 Celeste <cielesti@protonmail.com> possibly vulnerable
sqlite edge-main 3.47.1-r0 Celeste <cielesti@protonmail.com> possibly vulnerable
sqlite edge-main 3.36.0-r0 Carlo Landmeter <clandmeter@alpinelinux.org> possibly vulnerable
sqlite edge-main 3.34.1-r0 None possibly vulnerable
sqlite edge-main 3.32.1-r0 None possibly vulnerable
sqlite edge-main 3.30.1-r3 None possibly vulnerable
sqlite edge-main 3.30.1-r1 None possibly vulnerable
sqlite edge-main 3.28.0-r0 None possibly vulnerable
sqlite 3.22-main 3.34.1-r0 None possibly vulnerable
sqlite 3.22-main 3.32.1-r0 None possibly vulnerable
sqlite 3.22-main 3.30.1-r3 None possibly vulnerable
sqlite 3.22-main 3.30.1-r1 None possibly vulnerable
sqlite 3.22-main 3.28.0-r0 None possibly vulnerable
sqlite 3.21-main 3.48.0-r4 Celeste <cielesti@protonmail.com> fixed
sqlite 3.21-main 3.48.0-r3 Celeste <cielesti@protonmail.com> fixed
sqlite 3.21-main 3.48.0-r2 Celeste <cielesti@protonmail.com> fixed
sqlite 3.21-main 3.48.0-r1 Celeste <cielesti@protonmail.com> fixed
sqlite 3.21-main 3.48.0-r0 Celeste <cielesti@protonmail.com> possibly vulnerable
sqlite 3.21-main 3.47.1-r0 Celeste <cielesti@protonmail.com> possibly vulnerable
sqlite 3.21-main 3.34.1-r0 None possibly vulnerable
sqlite 3.21-main 3.32.1-r0 None possibly vulnerable
sqlite 3.21-main 3.30.1-r3 None possibly vulnerable
sqlite 3.21-main 3.30.1-r1 None possibly vulnerable
sqlite 3.21-main 3.28.0-r0 None possibly vulnerable
sqlite 3.20-main 3.45.3-r2 Celeste <cielesti@protonmail.com> possibly vulnerable
sqlite 3.20-main 3.45.3-r1 Celeste <cielesti@protonmail.com> possibly vulnerable
sqlite 3.20-main 3.34.1-r0 None possibly vulnerable
sqlite 3.20-main 3.32.1-r0 None possibly vulnerable
sqlite 3.20-main 3.30.1-r3 None possibly vulnerable
sqlite 3.20-main 3.30.1-r1 None possibly vulnerable
sqlite 3.20-main 3.28.0-r0 None possibly vulnerable
sqlite 3.19-main 3.44.2-r1 Carlo Landmeter <clandmeter@alpinelinux.org> possibly vulnerable
sqlite 3.19-main 3.44.2-r0 Carlo Landmeter <clandmeter@alpinelinux.org> possibly vulnerable
sqlite 3.19-main 3.34.1-r0 None possibly vulnerable
sqlite 3.19-main 3.32.1-r0 None possibly vulnerable
sqlite 3.19-main 3.30.1-r3 None possibly vulnerable
sqlite 3.19-main 3.30.1-r1 None possibly vulnerable
sqlite 3.19-main 3.28.0-r0 None possibly vulnerable
qt6-qtwebengine edge-community 6.8.2-r4 Bart Ribbers <bribbers@disroot.org> fixed
qt6-qtwebengine 3.22-community 6.8.2-r4 None fixed