Impact
An issue in SQLite before the code change identified by check-in 869a51ae84df allows a local attacker to obtain sensitive data by exploiting the Session Extension changeset concat/changegroup merge path. The flaw is a buffer over‑read that can expose confidential information stored in the database to the user executing the database. The primary impact is that an attacker with local file system access may read data they are not authorized to see, potentially compromising data confidentiality and integrity.
Affected Systems
The vulnerability affects the SQLite database engine, specifically any application that uses a version released prior to the mentioned check-in. No vendor or product name beyond SQLite is provided in the CVE data.
Risk and Exploitability
The CVSS score of 6.1 indicates a medium‑to‑high severity vulnerability. Exploit probability is uncertain because the EPSS score is not available, and it is not listed in CISA’s KEV catalog, suggesting no publicly known exploits at this time. An attacker would need local access and the ability to manipulate the Session Extension changeset merge path; the attack remains local and requires some privilege to write or command the database engine.
OpenCVE Enrichment