VulnerableCode Package Details - pkg:deb/debian/sqlite3@3.40.1-2%2Bdeb12u1

Search for packages

Vulnerability	Summary	Fixed by
VCID-macf-2xgx-6yfv Aliases: CVE-2025-6965	There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.	3.40.1-2+deb12u2 Affected by 0 other vulnerabilities. 3.46.1-7 Affected by 0 other vulnerabilities.
VCID-uh8c-3dwn-5bce Aliases: CVE-2025-29088	In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect.	3.40.1-2+deb12u2 Affected by 0 other vulnerabilities. 3.46.1-7 Affected by 0 other vulnerabilities.
VCID-vrnh-msaa-67a1 Aliases: CVE-2025-7458	An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attacker with the ability to execute arbitrary SQL statements to cause a denial of service or disclose sensitive information from process memory via a crafted SELECT statement with a large number of expressions in the ORDER BY clause.	3.40.1-2+deb12u2 Affected by 0 other vulnerabilities. 3.46.1-7 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-macf-2xgx-6yfv
Aliases:
CVE-2025-6965

There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.

3.40.1-2+deb12u2
Affected by 0 other vulnerabilities.

3.46.1-7
Affected by 0 other vulnerabilities.

VCID-uh8c-3dwn-5bce
Aliases:
CVE-2025-29088

In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect.

3.40.1-2+deb12u2
Affected by 0 other vulnerabilities.

3.46.1-7
Affected by 0 other vulnerabilities.

VCID-vrnh-msaa-67a1
Aliases:
CVE-2025-7458

An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attacker with the ability to execute arbitrary SQL statements to cause a denial of service or disclose sensitive information from process memory via a crafted SELECT statement with a large number of expressions in the ORDER BY clause.

3.40.1-2+deb12u2
Affected by 0 other vulnerabilities.

3.46.1-7
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T14:46:45.301937+00:00	Debian Oval Importer	Fixing	VCID-z47k-7g96-puev	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T13:21:49.869971+00:00	Debian Importer	Affected by	VCID-macf-2xgx-6yfv	https://security-tracker.debian.org/tracker/data/json	37.0.0
2025-08-01T12:57:21.913744+00:00	Debian Importer	Affected by	VCID-uh8c-3dwn-5bce	https://security-tracker.debian.org/tracker/data/json	37.0.0
2025-08-01T12:40:11.552808+00:00	Debian Importer	Fixing	VCID-7r9m-bmx1-pfhr	https://security-tracker.debian.org/tracker/data/json	37.0.0
2025-08-01T12:14:27.430432+00:00	Debian Importer	Affected by	VCID-vrnh-msaa-67a1	https://security-tracker.debian.org/tracker/data/json	37.0.0
2025-08-01T11:54:28.412369+00:00	Debian Oval Importer	Fixing	VCID-uwe8-xnmp-5kh1	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0