CVE-2025-3277 | THREATINT

Description

An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.

PUBLISHED Reserved 2025-04-04 | Published 2025-04-14 | Updated 2025-05-27 | Assigner Google

MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

Problem types

CWE-122 Heap-based Buffer Overflow

Product status

Default status

unaffected

< 3.49.1

affected

Credits

王跃林 (Yuelin Wang) finder

References

sqlite.org/src/info/498e3f1cf57f164f

cve.org (CVE-2025-3277)

nvd.nist.gov (CVE-2025-3277)

Download JSON