CVE-2025-29088 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.6 MEDIUM	LOCAL	HIGH	NONE	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
mitre	CNA	5.6 MEDIUM				CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
CISA-ADP	ADP	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 13%

Vendor	Product	Version
sqlite	sqlite	3.49.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

sqlite3

bullseye	postponed
bookworm	no-dsa
bullseye (security)	vulnerable
trixie	3.46.1-4 fixed
sid	3.46.1-6 fixed

Ubuntu Releases

Ubuntu Product

Codename

sqlite

plucky	dne
oracular	dne
noble	dne
jammy	needs-triage
focal	needs-triage
bionic	needs-triage
xenial	needs-triage
trusty	needs-triage

sqlite3

plucky	Fixed 3.46.1-3ubuntu0.1 released
oracular	Fixed 3.46.1-1ubuntu0.2 released
noble	Fixed 3.45.1-1ubuntu2.3 released
jammy	Fixed 3.37.2-2ubuntu0.4 released
focal	Fixed 3.31.1-4ubuntu0.7 released
bionic	needs-triage
xenial	needs-triage
trusty	needs-triage

Common Weakness Enumeration

CWE-190 - Integer Overflow or Wraparound
The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
CWE-400 - Uncontrolled Resource Consumption
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References

https://gist.github.com/ylwango613/d3883fb9f6ba8a78086356779ce88248

https://github.com/sqlite/sqlite/commit/56d2fd008b108109f489339f5fd55212bb50afd4

https://sqlite.org/forum/forumpost/48f365daec

https://sqlite.org/releaselog/3_49_1.html

https://www.sqlite.org/cves.html