• Bug#1102411: sqlite3: CVE-2025-29087

    From Salvatore Bonaccorso@21:1/5 to All on Tue Apr 8 22:00:02 2025
    Source: sqlite3
    Version: 3.46.1-2
    Severity: important
    Tags: security upstream
    X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

    Hi Laszlo

    The following vulnerability was published for sqlite3.

    CVE-2025-29087[0]:
    | Sqlite 3.49.0 is susceptible to integer overflow through the concat
    | function.

    Unfortunately the information available is quite scarce, can you reach
    out to upstream to see if we can have the issue pinpointed more
    precisely, having upstream references?

    If you fix the vulnerability please also make sure to include the
    CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

    For further information see:

    [0] https://security-tracker.debian.org/tracker/CVE-2025-29087
    https://www.cve.org/CVERecord?id=CVE-2025-29087

    Please adjust the affected versions in the BTS as needed.

    Regards,
    Salvatore

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From László Böszörményi@21:1/5 to carnil@debian.org on Tue Apr 8 23:00:01 2025
    Control: found -1 3.44.0-1
    Control: fixed -1 3.49.1
    Control: forwarded -1 https://sqlite.org/src/info/498e3f1cf57f164f
    Control: tags -1 +patch +fixed-upstream

    Hi,

    On Tue, Apr 8, 2025 at 9:51 PM Salvatore Bonaccorso <carnil@debian.org> wrote:
    > The following vulnerability was published for sqlite3.
    >
    > CVE-2025-29087[0]:
    > | Sqlite 3.49.0 is susceptible to integer overflow through the concat
    > | function.
    This is zero information. :( I add what I know from upstream. This
    bug is introduced in upstream version 3.44.0 (doesn't affect our
    stable releases as those are older ones). The actual vulnerability is
    in the concat_ws() function, which can cause a memory error if the
    separator string is very large (hundreds of megabytes). The fix is
    already in place and a small one. I plan to upload it tomorrow
    afternoon.

    Hope this helps,
    Laszlo/GCS

  • From Salvatore Bonaccorso@21:1/5 to All on Wed Apr 9 06:00:01 2025
    Hi László,

    On Tue, Apr 08, 2025 at 10:52:11PM +0200, László Böszörményi (GCS) wrote:
    > Control: found -1 3.44.0-1
    > Control: fixed -1 3.49.1
    > Control: forwarded -1 https://sqlite.org/src/info/498e3f1cf57f164f
    > Control: tags -1 +patch +fixed-upstream
    >
    > Hi,
    >
    > On Tue, Apr 8, 2025 at 9:51 PM Salvatore Bonaccorso <carnil@debian.org> wrote:
    > > The following vulnerability was published for sqlite3.
    > >
    > > CVE-2025-29087[0]:
    > > | Sqlite 3.49.0 is susceptible to integer overflow through the concat
    > > | function.
    > This is zero information. :( I add what I know from upstream. This
    > bug is introduced in upstream version 3.44.0 (doesn't affect our
    > stable releases as those are older ones). The actual vulnerability is
    > in the concat_ws() function, which can cause a memory error if the
    > separator string is very large (hundreds of megabytes). The fix is
    > already in place and a small one. I plan to upload it tomorrow
    > afternoon.

    Thank you very much for providing this additional information. Yes
    the CVE entry itself was with so little information. Thanks for
    updating the tracker accordingly.

    > Hope this helps,

    Yes it does :)

    Regards,
    Salvatore
