Critical CVSS 9.1

Overview

An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attacker with the ability to execute arbitrary SQL statements to cause a denial of service or disclose sensitive information from process memory via a crafted SELECT statement with a large number of expressions in the ORDER BY clause.

Risk analysis

This vulnerability is rated 🔴 CRITICAL.

  • CVSS: 9.1 (CRITICAL)
  • Detected tags: dos, int_overflow (tag impact: LOW)

Recommended actions:

  • Rate limiting, resource quotas and circuit breakers.
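The two defender-side checks below are an added example, not code from the advisory or from the SQLite project. The first decides whether a linked SQLite build falls inside the affected range stated in the overview (3.39.2 through 3.41.1); the second implements the "resource quotas" action above as an application-side guard that counts the terms in a statement's top-level ORDER BY clause and rejects statements that exceed a limit before they reach the library. The quota value `MAX_ORDER_BY_TERMS`, the function names and the sample statements are assumptions for illustration; the tokenizer is deliberately minimal (it blanks string literals and comments and tracks parenthesis depth) and is meant as a pre-filter, not a SQL parser.

```python
"""Defender-side checks for the sqlite3KeyInfoFromExprList ORDER BY issue.

Added example, not part of the advisory or of SQLite itself.
"""
import re
import sqlite3

# Affected range named in the advisery overview (inclusive on both ends).
AFFECTED_MIN = (3, 39, 2)
AFFECTED_MAX = (3, 41, 1)

# Assumed application quota; pick a value that real queries never need.
MAX_ORDER_BY_TERMS = 64


def parse_version(version: str) -> tuple:
    """Turn '3.41.1' into (3, 41, 1); missing components are treated as 0."""
    nums = [int(p) for p in version.split(".")[:3]]
    while len(nums) < 3:
        nums.append(0)
    return tuple(nums)


def is_affected_version(version: str) -> bool:
    """True if the given SQLite library version lies in the affected range."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


def linked_sqlite_is_affected() -> bool:
    """Check the SQLite library actually linked into this Python process."""
    return is_affected_version(sqlite3.sqlite_version)


# String literals, quoted identifiers and comments are blanked out so that
# keywords, commas or parentheses inside them are not miscounted.
_BLANK_RE = re.compile(r"'(?:[^']|'')*'|\"(?:[^\"]|\"\")*\"|--[^\n]*|/\*.*?\*/", re.S)
_ORDER_RE = re.compile(r"\(|\)|\bORDER\s+BY\b", re.I)
_TERM_RE = re.compile(r"\(|\)|,|\bLIMIT\b", re.I)


def order_by_term_count(sql: str) -> int:
    """Number of terms in the statement's own (top-level) ORDER BY, 0 if none.

    ORDER BY clauses inside parenthesised subqueries are ignored; commas inside
    function calls or subqueries within a term do not split the term.
    """
    cleaned = _BLANK_RE.sub(lambda m: " " * len(m.group(0)), sql)

    depth = 0
    order_start = None
    for m in _ORDER_RE.finditer(cleaned):
        tok = m.group(0)
        if tok == "(":
            depth += 1
        elif tok == ")":
            depth -= 1
        elif depth == 0:
            order_start = m.end()  # last top-level ORDER BY wins
    if order_start is None:
        return 0

    count = 1  # ORDER BY always carries at least one term
    depth = 0
    for m in _TERM_RE.finditer(cleaned[order_start:]):
        tok = m.group(0)
        if tok == "(":
            depth += 1
        elif tok == ")":
            depth -= 1
        elif depth == 0 and tok == ",":
            count += 1
        elif depth == 0:  # top-level LIMIT ends the clause
            break
    return count


def enforce_order_by_quota(sql: str, limit: int = MAX_ORDER_BY_TERMS) -> bool:
    """True if the statement may be forwarded to SQLite, False if it is over quota."""
    return order_by_term_count(sql) <= limit


if __name__ == "__main__":
    # Constructed sample statements, not taken from any real workload.
    normal = "SELECT id, name FROM users ORDER BY name, id DESC LIMIT 10"
    oversized = "SELECT id FROM users ORDER BY " + ", ".join(
        f"id + {i}" for i in range(MAX_ORDER_BY_TERMS + 1)
    )
    print("linked SQLite", sqlite3.sqlite_version, "affected:", linked_sqlite_is_affected())
    print("normal statement allowed:", enforce_order_by_quota(normal))
    print("oversized statement allowed:", enforce_order_by_quota(oversized))
```

`linked_sqlite_is_affected()` inspects the library bundled with the interpreter, which is the one that matters for Python applications; other runtimes and the system `libsqlite3` must be checked separately. The quota guard only helps for SQL that passes through your own code path; a patched library remains the actual fix.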
