CVE-2025-7458
Description
An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attacker with the ability to execute arbitrary SQL statements to cause a denial of service or disclose sensitive information from process memory via a crafted SELECT statement with a large number of expressions in the ORDER BY clause.
CWE
- CWE-190: Integer Overflow or Wraparound
Affected
- SQLite / SQLite: from 3.39.2, before 3.41.2 [affected]
CVSS
- CVSS 4.0: score 6.9, severity MEDIUM
  Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N
References
- https://sqlite.org/forum/forumpost/16ce2bb7a639e29b
- https://sqlite.org/src/info/12ad822d9b827777 (patch)
Source
cvelistV5-main/cves/2025/7xxx/CVE-2025-7458.json