Return to CVE list

CVE-2025-3277

0.0
Low

CVE-2025-3277

cve-coordination@google.com
Awaiting Analysis
View on MITREFind on GitHub

Description

An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.

Exploits

No known exploits found for this CVE.

Search Exploit-DB

References

cve-coordination@google.com
https://sqlite.org/src/info/498e3f1cf57f164f