cve/CVE-2025-29087.md at b99156590a6b0c1cf0b374aa41887d37143570c8

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-11-30 18:56:19 +00:00

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

Description

In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string (e.g., 2MB or more), an integer overflow occurs in calculating the size of the result buffer, and thus malloc may not allocate enough memory.

POC

Reference

No PoCs from references.

Github

https://github.com/ARPSyndicate/cve-scores
https://github.com/adegoodyer/kubernetes-admin-toolkit
https://github.com/hussienzietoon/FastAPI-app-with-Docker
https://github.com/jamesonberendoive/Cybersecurity-Portfolio
https://github.com/m-abdallah99/fastapi-app
https://github.com/moreserverless/gcp_vuln_scan
https://github.com/runwhen-contrib/helm-charts

1.2 KiB Raw Blame History

CVE-2025-29087

Description

POC

Reference

Github

1.2 KiB

Raw Blame History