In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 26 Aug 2025 20:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-400

Wed, 30 Apr 2025 17:00:00 +0000

Type Values Removed Values Added
First Time appeared Sqlite
Sqlite sqlite
CPEs cpe:2.3:a:sqlite:sqlite:3.49.0:*:*:*:*:*:*:*
Vendors & Products Sqlite
Sqlite sqlite

Mon, 14 Apr 2025 14:15:00 +0000

Type Values Removed Values Added
Description An issue in sqlite v.3.49.0 allows an attacker to cause a denial of service via the SQLITE_DBCONFIG_LOOKASIDE component In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect.
References

Mon, 14 Apr 2025 13:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV3_1

{'score': 5.6, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L'}


Sat, 12 Apr 2025 02:15:00 +0000

Type Values Removed Values Added
Title sqlite: Denial of Service in SQLite
Weaknesses CWE-190
References
Metrics threat_severity

None

threat_severity

Moderate


Fri, 11 Apr 2025 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-400
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 10 Apr 2025 14:15:00 +0000

Type Values Removed Values Added
Description An issue in sqlite v.3.49.0 allows an attacker to cause a denial of service via the SQLITE_DBCONFIG_LOOKASIDE component
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-08-26T19:27:20.720Z

Reserved: 2025-03-11T00:00:00.000Z

Link: CVE-2025-29088

cve-icon Vulnrichment

Updated: 2025-04-11T19:44:27.173Z

cve-icon NVD

Status : Modified

Published: 2025-04-10T14:15:27.163

Modified: 2025-08-26T20:15:39.470

Link: CVE-2025-29088

cve-icon Redhat

Severity : Moderate

Publid Date: 2025-04-10T00:00:00Z

Links: CVE-2025-29088 - Bugzilla

cve-icon OpenCVE Enrichment

No data.