CVE-2025-6965

Integer Truncation on SQLite

Published: 7/15/2025 Last updated: 11/4/2025 Reserved: 7/1/2025

There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.

CNA assigner: Google (14ed7db2-1595-443d-9d34-6215bf890778) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
4.0	7.2	High	CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/S:N/AU:N/R:U/V:D/RE:L/U:Green

Opam packages affected (4)

conf-mingw-w64-sqlite3-i686 conf-mingw-w64-sqlite3-x86_64 conf-sqlite3 lemonade-sqlite

Products affected (2)

Product	Vendor	Version
SQLite	SQLite	22.0 ap370544
SQLite	SQLite	< V6.6

References (14)

Credits (2)

1 Vlad Stolyarov of Google's Threat Analysis Group, with assistance from Google Big Sleep
1 Vlad Stolyarov of Google's Threat Analysis Group, with assistance from Google Big Sleep