PT-2025-29558 · Sqlite+14
Vlad Stolyarov · Published 2025-07-15 · Updated 2026-04-22
CVE-2025-6965
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Summary
Name of the Vulnerable Software and Affected Versions: SQLite versions prior to 3.50.2
Description
SQLite versions before 3.50.2 are vulnerable to a memory corruption issue due to an integer overflow that can occur when the number of aggregate terms exceeds the number of available columns. This vulnerability (CVE-2025-6965) was proactively identified by Google’s AI agent, “Big Sleep,” before public disclosure and exploitation. This marks a significant advancement in AI-driven cybersecurity, demonstrating the potential for AI to detect and mitigate vulnerabilities before they are exploited by attackers.
Recommendations
Upgrade to SQLite version 3.50.2 or later to address this vulnerability.
Exploit
Fix
LPE
DoS
Weakness Enumeration
Related Identifiers
Affected Products
ALT Linux
AlmaLinux
Astra Linux
CentOS
Debian
IBM AIX
Linux Mint
Apple macOS
MySQL Server
Red Hat
RED OS
Rocky Linux
SQLite
SUSE
Ubuntu