PT-2025-31202 · Sqlite+1

Sec.R1Nd0@Gmail.Com · Published 2025-07-29 · Updated 2026-03-10 · CVE-2025-7458

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

SQLite versions 3.39.2 through 3.41.1

Description

An integer overflow in the sqlite3KeyInfoFromExprList function allows an attacker with the ability to execute arbitrary SQL statements to cause a denial of service or disclose sensitive information from process memory via a crafted SELECT statement with a large number of expressions in the ORDER BY clause.

Recommendations

Update to a version later than 3.41.1.

Fix

DoS

Integer Overflow

Weakness Enumeration

Related Identifiers

AZL-65990
BDU:2025-15559
BIT-SQLITE-2025-7458
CVE-2025-7458
ECHO-9678-FC39-111A

Affected Products

Debian
Sqlite