CVE-2025-6965

Name

CVE-2025-6965

Description

There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

References

Type	URI
cve-coordination@google.com	https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2025/Sep/49
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2025/Sep/53
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2025/Sep/56
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2025/Sep/57
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2025/Sep/58
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/09/06/1

Match rules

CPE URI	Source package	Min version	Max version
	sqlite	>= 0	< 3.50.2

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
sqlite	edge-main	3.50.1-r0	Celeste <cielesti@protonmail.com>	possibly vulnerable
sqlite	edge-main	3.50.0-r0	Celeste <cielesti@protonmail.com>	possibly vulnerable
sqlite	edge-main	3.49.2-r0	Celeste <cielesti@protonmail.com>	possibly vulnerable
sqlite	edge-main	3.49.1-r1	Celeste <cielesti@protonmail.com>	possibly vulnerable
sqlite	edge-main	3.49.1-r0	Celeste <cielesti@protonmail.com>	possibly vulnerable
sqlite	edge-main	3.49.0-r1	Celeste <cielesti@protonmail.com>	possibly vulnerable
sqlite	edge-main	3.49.0-r0	Celeste <cielesti@protonmail.com>	possibly vulnerable
sqlite	edge-main	3.48.0-r1	Celeste <cielesti@protonmail.com>	possibly vulnerable
sqlite	edge-main	3.48.0-r0	Celeste <cielesti@protonmail.com>	possibly vulnerable
sqlite	edge-main	3.47.2-r0	Celeste <cielesti@protonmail.com>	possibly vulnerable
sqlite	edge-main	3.47.1-r0	Celeste <cielesti@protonmail.com>	possibly vulnerable
qt6-qtwebengine	edge-community	6.10.0-r1	Bart Ribbers <bribbers@disroot.org>	fixed
sqlite	3.22-main	3.49.2-r1	Celeste <cielesti@protonmail.com>	fixed
sqlite	3.22-main	3.49.2-r0	Celeste <cielesti@protonmail.com>	possibly vulnerable
qt6-qtwebengine	3.22-community	6.8.3-r4	Bart Ribbers <bribbers@disroot.org>	fixed
sqlite	3.21-main	3.48.0-r4	Celeste <cielesti@protonmail.com>	fixed
sqlite	3.21-main	3.48.0-r3	Celeste <cielesti@protonmail.com>	fixed
sqlite	3.21-main	3.48.0-r2	Celeste <cielesti@protonmail.com>	possibly vulnerable
sqlite	3.21-main	3.48.0-r1	Celeste <cielesti@protonmail.com>	possibly vulnerable
sqlite	3.21-main	3.48.0-r0	Celeste <cielesti@protonmail.com>	possibly vulnerable
sqlite	3.21-main	3.47.1-r0	Celeste <cielesti@protonmail.com>	possibly vulnerable
sqlite	3.20-main	3.45.3-r2	Celeste <cielesti@protonmail.com>	possibly vulnerable
sqlite	3.20-main	3.45.3-r1	Celeste <cielesti@protonmail.com>	possibly vulnerable
sqlite	3.19-main	3.44.2-r1	Carlo Landmeter <clandmeter@alpinelinux.org>	possibly vulnerable
sqlite	3.19-main	3.44.2-r0	Carlo Landmeter <clandmeter@alpinelinux.org>	possibly vulnerable