Search for vulnerabilities
Vulnerability details: VCID-7r9m-bmx1-pfhr
Vulnerability ID VCID-7r9m-bmx1-pfhr
Aliases CVE-2022-35737
GHSA-jw36-hf63-69r9
Summary SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-129 Improper Validation of Array Index
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3 5.9 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35737.json
epss 0.63953 https://api.first.org/data/v1/epss?cve=CVE-2022-35737
epss 0.63953 https://api.first.org/data/v1/epss?cve=CVE-2022-35737
epss 0.63953 https://api.first.org/data/v1/epss?cve=CVE-2022-35737
epss 0.63953 https://api.first.org/data/v1/epss?cve=CVE-2022-35737
epss 0.63953 https://api.first.org/data/v1/epss?cve=CVE-2022-35737
epss 0.63953 https://api.first.org/data/v1/epss?cve=CVE-2022-35737
epss 0.63953 https://api.first.org/data/v1/epss?cve=CVE-2022-35737
epss 0.63953 https://api.first.org/data/v1/epss?cve=CVE-2022-35737
epss 0.63953 https://api.first.org/data/v1/epss?cve=CVE-2022-35737
cvssv3.1 7.5 https://blog.trailofbits.com/2022/10/25/sqlite-vulnerability-july-2022-library-api
generic_textual HIGH https://blog.trailofbits.com/2022/10/25/sqlite-vulnerability-july-2022-library-api
cvssv3.1 6.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-jw36-hf63-69r9
cvssv3.1 7.5 https://github.com/rusqlite/rusqlite
generic_textual HIGH https://github.com/rusqlite/rusqlite
cvssv3.1 7.5 https://kb.cert.org/vuls/id/720344
generic_textual HIGH https://kb.cert.org/vuls/id/720344
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35737
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2022-35737
cvssv3.1 7.5 https://rustsec.org/advisories/RUSTSEC-2022-0090.html
generic_textual HIGH https://rustsec.org/advisories/RUSTSEC-2022-0090.html
cvssv3.1 7.5 https://security.gentoo.org/glsa/202210-40
generic_textual HIGH https://security.gentoo.org/glsa/202210-40
cvssv3.1 7.5 https://security.netapp.com/advisory/ntap-20220915-0009
generic_textual HIGH https://security.netapp.com/advisory/ntap-20220915-0009
cvssv3.1 7.5 https://sqlite.org/releaselog/3_39_2.html
generic_textual HIGH https://sqlite.org/releaselog/3_39_2.html
cvssv3.1 7.5 https://www.sqlite.org/cves.html
generic_textual HIGH https://www.sqlite.org/cves.html
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35737.json
https://api.first.org/data/v1/epss?cve=CVE-2022-35737
https://blog.trailofbits.com/2022/10/25/sqlite-vulnerability-july-2022-library-api
https://blog.trailofbits.com/2022/10/25/sqlite-vulnerability-july-2022-library-api/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35737
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/rusqlite/rusqlite
https://kb.cert.org/vuls/id/720344
https://nvd.nist.gov/vuln/detail/CVE-2022-35737
https://rustsec.org/advisories/RUSTSEC-2022-0090.html
https://security.gentoo.org/glsa/202210-40
https://security.netapp.com/advisory/ntap-20220915-0009
https://security.netapp.com/advisory/ntap-20220915-0009/
https://sqlite.org/releaselog/3_39_2.html
https://www.sqlite.org/cves.html
2110291 https://bugzilla.redhat.com/show_bug.cgi?id=2110291
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*
cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*
cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*
GHSA-jw36-hf63-69r9 https://github.com/advisories/GHSA-jw36-hf63-69r9
RHSA-2023:0110 https://access.redhat.com/errata/RHSA-2023:0110
RHSA-2023:0339 https://access.redhat.com/errata/RHSA-2023:0339
RHSA-2024:0425 https://access.redhat.com/errata/RHSA-2024:0425
USN-5712-1 https://usn.ubuntu.com/5712-1/
USN-5716-1 https://usn.ubuntu.com/5716-1/
USN-5716-2 https://usn.ubuntu.com/5716-2/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35737.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://blog.trailofbits.com/2022/10/25/sqlite-vulnerability-july-2022-library-api
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/rusqlite/rusqlite
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://kb.cert.org/vuls/id/720344
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-35737
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://rustsec.org/advisories/RUSTSEC-2022-0090.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.gentoo.org/glsa/202210-40
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.netapp.com/advisory/ntap-20220915-0009
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://sqlite.org/releaselog/3_39_2.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.sqlite.org/cves.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.98332
EPSS Score 0.63953
Published At July 31, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:33:40.359584+00:00 Alpine Linux Importer Import https://secdb.alpinelinux.org/v3.19/main.json 37.0.0