CVE-2025-6965
7.2
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/S:N/AU:N/R:U/V:D/RE:L/U:Green
Summary
There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SQLite | SQLite | 0 < 3.50.2 | affected |
Weaknesses
- CWE-197: CWE-197: Numeric Truncation Error
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
- http://seclists.org/fulldisclosure/2025/Sep/57
- http://seclists.org/fulldisclosure/2025/Sep/56
- http://seclists.org/fulldisclosure/2025/Sep/53
- http://seclists.org/fulldisclosure/2025/Sep/58
- http://seclists.org/fulldisclosure/2025/Sep/49
- http://www.openwall.com/lists/oss-security/2025/09/06/1
Additional References
- https://cert-portal.siemens.com/productcert/html/ssa-485750.html
- https://cert-portal.siemens.com/productcert/html/ssa-225816.html
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.