BIT-sqlite-2025-7458

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/sqlite/BIT-sqlite-2025-7458.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-sqlite-2025-7458
Aliases
Published
2025-07-31T05:52:24.171Z
Modified
2025-07-31T07:14:43.407439Z
Summary
SQLite integer overflow in key info allocation may lead to information disclosure.
Details

An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attacker with the ability to execute arbitrary SQL statements to cause a denial of service or disclose sensitive information from process memory via a crafted SELECT statement with a large number of expressions in the ORDER BY clause.

Database specific
{
    "cpes": [
        "cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}
References

Affected packages

Bitnami / sqlite

Package

Name
sqlite
Purl
pkg:bitnami/sqlite

Severity

  • 6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
3.39.2
Fixed
3.41.2