QwikSec

Security Database

CVE

CWE

Training

CVE-2025-29088

Published: Apr 10, 2025

Modified: Aug 26, 2025

PUBLISHED

CVSS v3.1

5.6

MEDIUM

Description

In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect.

Vendor	Product	Versions
SQLite	SQLite	affected `3.49.0 - < 3.49.1`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

Attack Vector

Local

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

Low

References

https://www.sqlite.org/cves.html

https://sqlite.org/forum/forumpost/48f365daec

https://github.com/sqlite/sqlite/commit/56d2fd008b108109f489339f5fd55212bb50afd4

https://gist.github.com/ylwango613/d3883fb9f6ba8a78086356779ce88248

https://sqlite.org/releaselog/3_49_1.html

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.