AZL-65990

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-65990.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-65990

Upstream

CVE-2025-7458

Published

2025-07-29T13:15:28Z

Modified

2026-04-21T04:37:44.504692Z

Summary

CVE-2025-7458 affecting package sqlite for versions less than 3.39.2-4

Details

An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attacker with the ability to execute arbitrary SQL statements to cause a denial of service or disclose sensitive information from process memory via a crafted SELECT statement with a large number of expressions in the ORDER BY clause.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-7458

Affected packages

Azure Linux:2 / sqlite

Package

Name: sqlite
Purl: pkg:rpm/azure-linux/sqlite

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.39.2-4

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-65990.json"