CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-29088

In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 12.2%

CVSS Severity

CVSS v3 Score 5.6

References

https://gist.github.com/ylwango613/d3883fb9f6ba8a78086356779ce88248
https://github.com/sqlite/sqlite/commit/56d2fd008b108109f489339f5fd55212bb50afd4
https://sqlite.org/forum/forumpost/48f365daec
https://sqlite.org/releaselog/3_49_1.html
https://www.sqlite.org/cves.html

Products affected by CVE-2025-29088

Sqlite » Sqlite » Version: 3.49.0

cpe:2.3:a:sqlite:sqlite:3.49.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-29088

Products

Pricing

Contact Us