CVE-2025-7458

An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attacker with the ability to execute arbitrary SQL statements to cause a denial of service or disclose sensitive information from process memory via a crafted SELECT statement with a large number of expressions in the ORDER BY clause.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
GoogleCNA
---
---
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Debian logo
Debian Releases
Debian Product
Codename
sqlite3
bullseye
vulnerable
bullseye (security)
vulnerable
bookworm
vulnerable
trixie
3.46.1-6
fixed
sid
3.46.1-7
fixed
Common Weakness Enumeration
References
https://sqlite.org/forum/forumpost/16ce2bb7a639e29b
https://sqlite.org/src/info/12ad822d9b827777