Andreas Kellas

**Name of the Vulnerable Software and Affected Versions** SQLite versions 1.0.12 through 3.39.x before 3.39.2 **Description** The issue is related to an array-bounds overflow in the SQLite API library, which can be triggered by a remote attacker using a long sequence of string data processed by the `printf` function with a format string containing `%Q`, `%q`, or `%w` types. This can lead to a denial of service or the execution of arbitrary code. The vulnerability is associated with the use of billions of bytes in a string argument to a C API. **Recommendations** For SQLite versions 1.0.12 through 3.39.x before 3.39.2, update to version 3.39.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `printf` function with format strings containing `%Q`, `%q`, or `%w` types to minimize the risk of exploitation. Avoid using large string inputs in the `printf` function until the issue is resolved.