CVE-2025-3277

Published: Apr 14, 2025
Updated: Aug 2, 2025
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2025-3277" target="_blank" rel="noopener"> CVE-2025-3277
Severity: Critical
Exploit:

An integer overflow can be triggered in SQLite’s concat_ws() function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.