Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-29088

In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect.

Published

2025-04-10T14:15:27.163

Last Modified

2025-09-30T16:59:27.320

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.6 (MEDIUM)

Weaknesses

Type: Secondary
CWE-190

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	sqlite	sqlite	3.49.0	Yes

References

https://gist.github.com/ylwango613/d3883fb9f6ba8a78086356779ce88248 Third Party Advisory ([email protected])
https://github.com/sqlite/sqlite/commit/56d2fd008b108109f489339f5fd55212bb50afd4 Patch ([email protected])
https://sqlite.org/forum/forumpost/48f365daec Third Party Advisory ([email protected])
https://sqlite.org/releaselog/3_49_1.html Release Notes ([email protected])
https://www.sqlite.org/cves.html Vendor Advisory ([email protected])