Vulnerability Details CVE-2025-29087

In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and is a large string (e.g., 2MB or more), an integer overflow occurs when the size of the result buffer is calculated, so malloc may not allocate enough memory.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 11.3%
CVSS Severity
CVSS v3 Score 3.2
Products affected by CVE-2025-29087
  • Sqlite » Sqlite » Version: 3.44.0
    cpe:2.3:a:sqlite:sqlite:3.44.0
  • Sqlite » Sqlite » Version: 3.44.1
    cpe:2.3:a:sqlite:sqlite:3.44.1
  • Sqlite » Sqlite » Version: 3.44.2
    cpe:2.3:a:sqlite:sqlite:3.44.2
  • Sqlite » Sqlite » Version: 3.44.3
    cpe:2.3:a:sqlite:sqlite:3.44.3
  • Sqlite » Sqlite » Version: 3.45.0
    cpe:2.3:a:sqlite:sqlite:3.45.0
  • Sqlite » Sqlite » Version: 3.45.1
    cpe:2.3:a:sqlite:sqlite:3.45.1
  • Sqlite » Sqlite » Version: 3.45.2
    cpe:2.3:a:sqlite:sqlite:3.45.2
  • Sqlite » Sqlite » Version: 3.45.3
    cpe:2.3:a:sqlite:sqlite:3.45.3
  • Sqlite » Sqlite » Version: 3.46.0
    cpe:2.3:a:sqlite:sqlite:3.46.0
  • Sqlite » Sqlite » Version: 3.46.1
    cpe:2.3:a:sqlite:sqlite:3.46.1
  • Sqlite » Sqlite » Version: 3.47.0
    cpe:2.3:a:sqlite:sqlite:3.47.0
  • Sqlite » Sqlite » Version: 3.47.1
    cpe:2.3:a:sqlite:sqlite:3.47.1
  • Sqlite » Sqlite » Version: 3.47.2
    cpe:2.3:a:sqlite:sqlite:3.47.2
  • Sqlite » Sqlite » Version: 3.48.0
    cpe:2.3:a:sqlite:sqlite:3.48.0
  • Sqlite » Sqlite » Version: 3.49.0
    cpe:2.3:a:sqlite:sqlite:3.49.0
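
An added example, not part of the original page or of SQLite itself: a Python check of the SQLite library a process is linked against, using the affected range from the description, which installs an authorizer that refuses concat_ws() on affected builds as a stopgap until the library is upgraded to 3.49.1 or later. The helper names (`is_affected`, `deny_concat_ws`, `open_guarded`, `concat_ws_blocked`) are assumptions made for this example.

```python
import sqlite3

# Affected range as stated in the description: 3.44.0 through 3.49.0, fixed in 3.49.1.
FIRST_AFFECTED = (3, 44, 0)
FIRST_FIXED = (3, 49, 1)

def parse_version(text):
    """Turn '3.45.1' into (3, 45, 1); missing components count as 0."""
    parts = [int(p) for p in text.strip().split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def is_affected(version_text):
    """True if the version falls inside the range listed for CVE-2025-29087."""
    return FIRST_AFFECTED <= parse_version(version_text) < FIRST_FIXED

def deny_concat_ws(action, arg1, arg2, db_name, source):
    """Authorizer callback: reject any statement that calls concat_ws()."""
    # For SQLITE_FUNCTION, the function name arrives in arg2.
    if action == sqlite3.SQLITE_FUNCTION and (arg2 or "").lower() == "concat_ws":
        return sqlite3.SQLITE_DENY
    return sqlite3.SQLITE_OK

def open_guarded(path=":memory:"):
    """Open a connection; on an affected library, block concat_ws() at prepare time."""
    conn = sqlite3.connect(path)
    if is_affected(sqlite3.sqlite_version):
        conn.set_authorizer(deny_concat_ws)
    return conn

def concat_ws_blocked(conn):
    """True if a statement using concat_ws() is rejected on this connection."""
    try:
        conn.execute("SELECT concat_ws('-', 'a', 'b')").fetchone()
    except sqlite3.DatabaseError:
        # Denied by the authorizer, or the function does not exist (pre-3.44.0).
        return True
    return False

if __name__ == "__main__":
    print("linked SQLite:", sqlite3.sqlite_version,
          "affected" if is_affected(sqlite3.sqlite_version) else "not in affected range")
    # Constructed sample versions, checked against the stated range.
    for sample in ("3.43.2", "3.44.0", "3.49.0", "3.49.1"):
        print(sample, is_affected(sample))
```

The authorizer only covers connections it is installed on; other processes or language bindings that load the same affected library need their own check.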
