CVE-2025-7458
BaseFortify
Publication date: 2025-07-29
Last updated on: 2025-08-11
Assigner: Google Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sqlite | sqlite | From 3.39.2 (inc) to 3.41.2 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-190 | The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1. It occurs when an attacker who can execute arbitrary SQL statements crafts a SELECT statement with a large number of expressions in the ORDER BY clause. This can cause a denial of service or disclosure of sensitive information from process memory. The issue relates to improper handling of SELECT DISTINCT ... ORDER BY queries when the number of result set terms exceeds the number of ORDER BY terms, leading to incorrect query behavior or assertion failures. [1, 2]
How can this vulnerability impact me?
This vulnerability can impact you by allowing an attacker with limited privileges (the ability to execute arbitrary SQL statements) to cause a denial of service, crashing the SQLite process, or potentially disclose sensitive information from the process memory. This could lead to application instability, data leakage, or interruption of service relying on SQLite databases. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by executing crafted SQL SELECT statements with a large number of expressions in the ORDER BY clause that trigger the integer overflow or cause assertion failures, heap buffer overflows, or segmentation faults. Specific test SQL scripts (e.g., involving SELECT DISTINCT ... ORDER BY queries with many constant terms, temporary tables with complex triggers and RETURNING clauses, or large ORDER BY clauses with repeated constants) can be used to reproduce the issue. Using fuzzing tools like AFL++ with AddressSanitizer enabled on SQLite builds compiled with debug options can help detect these issues. However, no specific ready-made commands are provided in the resources. [2]
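Since the resources give no ready-made detection command, the following added example (not from the page or from SQLite) checks whether a SQLite library version falls inside the affected range listed above, 3.39.2 (inclusive) to 3.41.2 (exclusive). It parses both plain version strings and the first token of `sqlite3 --version` output, and inspects the SQLite linked into the running Python interpreter.

```python
import sqlite3

# Affected range taken from the "Affected Vendors & Products" table on this page.
AFFECTED_MIN = (3, 39, 2)  # inclusive
FIXED_MIN = (3, 41, 2)     # exclusive: this and later versions carry the fix


def parse_version(text):
    """Turn '3.41.2' or '3.41.2 2023-03-22 11:04:16 ...' into a 3-tuple of ints.

    Only the first whitespace-separated token is used, so raw `sqlite3 --version`
    output can be passed in directly. Missing components are padded with zeros.
    """
    token = text.strip().split()[0]
    parts = []
    for piece in token.split(".")[:3]:
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_affected(version_text):
    """True if the version lies in [3.39.2, 3.41.2), the range this CVE covers."""
    version = parse_version(version_text)
    return AFFECTED_MIN <= version < FIXED_MIN


def check_linked_sqlite():
    """Report on the SQLite library compiled into / loaded by this interpreter."""
    version = sqlite3.sqlite_version  # e.g. '3.45.1'
    return {"version": version, "affected": is_affected(version)}


if __name__ == "__main__":
    # Constructed sample inputs, including one in `sqlite3 --version` format.
    for sample in ("3.39.1", "3.39.2", "3.41.1", "3.41.2 2023-03-22 11:04:16 0d1fc92f94", "3.46.0"):
        print(f"{sample:45s} affected={is_affected(sample)}")
    print("linked SQLite:", check_linked_sqlite())
```

A version outside the range is not proof of safety on its own, because distributions sometimes backport fixes without bumping the version; cross-check against the vendor's changelog when in doubt.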
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update SQLite to a version that includes the fix committed on 2023-03-16, which addresses the handling of SELECT DISTINCT ... ORDER BY queries and related assertion failures. Avoid executing untrusted or arbitrary SQL statements that include large or complex ORDER BY clauses, triggers with multiple RETURNING clauses, or generated columns until the update is applied. Additionally, compiling SQLite with debug and sanitizer options can help detect exploitation attempts during testing. [1, 2]