CVE-2025-70873
In short
SQLite's ZIP file handling has a flaw that can leak sensitive data from the server's memory when processing specially crafted ZIP files. An attacker can exploit this by uploading or providing a malicious ZIP file to extract confidential information.
Technical detail
The zipfileInflate function in SQLite's zipfile extension (v3.51.1 and earlier) contains an information disclosure vulnerability (CWE-244) that exposes heap memory contents. Exploitation requires the target to process a maliciously crafted ZIP file. The impact is unauthorized access to sensitive data resident in memory, and the attack does not require elevated privileges.
Summary generated and translated by AI from the official description.
An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
n/a · n/a