{"id":"BIT-sqlite-2025-29087","details":"In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string (e.g., 2MB or more), an integer overflow occurs in calculating the size of the result buffer, and thus malloc may not allocate enough memory.","aliases":["CVE-2025-29087"],"modified":"2026-02-11T09:32:46.394406Z","published":"2025-04-11T19:26:41.394Z","database_specific":{"cpes":["cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*"],"severity":"High"},"references":[{"type":"WEB","url":"https://gist.github.com/ylwango613/a44a29f1ef074fa783e29f04a0afd62a"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-29087"},{"type":"WEB","url":"https://sqlite.org/releaselog/3_49_1.html"},{"type":"WEB","url":"https://www.sqlite.org/cves.html"},{"type":"WEB","url":"https://sqlite.org/src/info/498e3f1cf57f164f"}],"affected":[{"package":{"name":"sqlite","ecosystem":"Bitnami","purl":"pkg:bitnami/sqlite"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"database_specific":{"source":"https://github.com/bitnami/vulndb/tree/main/data/sqlite/BIT-sqlite-2025-29087.json"},"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}],"schema_version":"1.7.3"}