Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2025-3277

An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 22.9%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2025-3277
  • Sqlite » Sqlite » Version: 3.44.0
    cpe:2.3:a:sqlite:sqlite:3.44.0
  • Sqlite » Sqlite » Version: 3.44.1
    cpe:2.3:a:sqlite:sqlite:3.44.1
  • Sqlite » Sqlite » Version: 3.44.2
    cpe:2.3:a:sqlite:sqlite:3.44.2
  • Sqlite » Sqlite » Version: 3.44.3
    cpe:2.3:a:sqlite:sqlite:3.44.3
  • Sqlite » Sqlite » Version: 3.45.0
    cpe:2.3:a:sqlite:sqlite:3.45.0
  • Sqlite » Sqlite » Version: 3.45.1
    cpe:2.3:a:sqlite:sqlite:3.45.1
  • Sqlite » Sqlite » Version: 3.45.2
    cpe:2.3:a:sqlite:sqlite:3.45.2
  • Sqlite » Sqlite » Version: 3.45.3
    cpe:2.3:a:sqlite:sqlite:3.45.3
  • Sqlite » Sqlite » Version: 3.46.0
    cpe:2.3:a:sqlite:sqlite:3.46.0
  • Sqlite » Sqlite » Version: 3.46.1
    cpe:2.3:a:sqlite:sqlite:3.46.1
  • Sqlite » Sqlite » Version: 3.47.0
    cpe:2.3:a:sqlite:sqlite:3.47.0
  • Sqlite » Sqlite » Version: 3.47.1
    cpe:2.3:a:sqlite:sqlite:3.47.1
  • Sqlite » Sqlite » Version: 3.47.2
    cpe:2.3:a:sqlite:sqlite:3.47.2
  • Sqlite » Sqlite » Version: 3.48.0
    cpe:2.3:a:sqlite:sqlite:3.48.0
  • Sqlite » Sqlite » Version: 3.49.0
    cpe:2.3:a:sqlite:sqlite:3.49.0


Products
Pricing
Contact Us

Shodan ® - All rights reserved