{"id":"CVE-2025-3277","details":"An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.","aliases":["BIT-sqlite-2025-3277"],"modified":"2026-04-10T05:25:13.105883Z","published":"2025-04-14T17:15:27.297Z","related":["ALSA-2025:4459","ALSA-2025:7433","ALSA-2025:7517","SUSE-SU-2025:01455-1","SUSE-SU-2025:01456-1","SUSE-SU-2025:01456-2","SUSE-SU-2025:1455-1","SUSE-SU-2025:1456-1"],"references":[{"type":"FIX","url":"https://sqlite.org/src/info/498e3f1cf57f164f"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/sqlite/sqlite","events":[{"introduced":"66476771b77e3c0df9d406d912486c43ac726fab"},{"fixed":"3cd92ce875fd4e5601e535c35fef33494a6684e3"}],"database_specific":{"versions":[{"introduced":"3.44.0"},{"fixed":"3.49.1"}]}}],"versions":["major-relase","relase","version-3.44.0","version-3.45.0","version-3.46.0","version-3.47.0","version-3.48.0","version-3.49.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-3277.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}