← volver
CVE-2025-29088

CVE-2025-29088

CVSS 5.6 MEDIUMEPSS 0.2%CWE-190
In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect.
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
Productos afectados
SQLite · SQLite

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://gist.github.com/ylwango613/d3883fb9f6ba8a78086356779ce88248https://github.com/sqlite/sqlite/commit/56d2fd008b108109f489339f5fd55212bb50afd4https://sqlite.org/forum/forumpost/48f365daechttps://sqlite.org/releaselog/3_49_1.htmlhttps://www.sqlite.org/cves.html