FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

SQLite -- integer overflow in key info allocation

Affected packages
3.39.2,1 <= sqlite3 < 3.41.2,1

Details

VuXML ID f51077bd-6dd7-11f0-9d62-b42e991fc52e
Discovery 2025-07-29
Entry 2025-07-31
Modified 2025-08-01

[email protected] reports:

An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attacker with the ability to execute arbitrary SQL statements to cause a denial of service or disclose sensitive information from process memory via a crafted SELECT statement with a large number of expressions in the ORDER BY clause.

References

CVE Name CVE-2025-7458
URL https://nvd.nist.gov/vuln/detail/CVE-2025-7458