CVE-2025-3277

Published: Apr 14, 2025

Modified: May 27, 2025

Status: Published

Description

An integer overflow can be triggered in SQLite's `concat_ws()` function. The resulting truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to that buffer, it uses the original, untruncated size, so a heap buffer overflow of roughly 4GB can be triggered. This can result in arbitrary code execution.

Affected products

Vendor: SQLite
Product: sqlite
Status: affected
Versions: < 3.49.1

Weaknesses (CWE)
