CVE-2025-7458
SQLite integer overflow in key info allocation may lead to information disclosure.
An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attacker with the ability to execute arbitrary SQL statements to cause a denial of service or disclose sensitive information from process memory via a crafted SELECT statement with a large number of expressions in the ORDER BY clause.
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N
Productos afectados
SQLite · SQLite¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →