NVD Vulnerability Detail

CVE-2025-6965

Summary	There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.
Summary	Existe una vulnerabilidad en las versiones de SQLite anteriores a la 3.50.2 donde el número de términos agregados podría exceder el número de columnas disponibles. Esto podría causar un problema de corrupción de memoria. Recomendamos actualizar a la versión 3.50.2 o superior.
Publication Date	July 15, 2025, 11:15 p.m.
Registration Date	July 16, 2025, 4 a.m.
Last Update	April 14, 2026, 7:16 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:sqlite:sqlite::::::::					3.50.2

Related information, measures and tools

No	URL	refsource
1	https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8	cve-coordination@google.com
2	http://seclists.org/fulldisclosure/2025/Sep/49	af854a3a-2127-422b-91ae-364da2661108
3	http://seclists.org/fulldisclosure/2025/Sep/53	af854a3a-2127-422b-91ae-364da2661108
4	http://seclists.org/fulldisclosure/2025/Sep/56	af854a3a-2127-422b-91ae-364da2661108
5	http://seclists.org/fulldisclosure/2025/Sep/57	af854a3a-2127-422b-91ae-364da2661108
6	http://seclists.org/fulldisclosure/2025/Sep/58	af854a3a-2127-422b-91ae-364da2661108
7	http://www.openwall.com/lists/oss-security/2025/09/06/1	af854a3a-2127-422b-91ae-364da2661108
8	https://cert-portal.siemens.com/productcert/html/ssa-225816.html	0b142b55-0307-4c5a-b3c9-f314f3fb7c5e
9	https://cert-portal.siemens.com/productcert/html/ssa-485750.html	0b142b55-0307-4c5a-b3c9-f314f3fb7c5e

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-197	数値打ち切り誤差	https://cwe.mitre.org/data/definitions/197.html

JVN Vulnerability Information

SQLite における数値打ち切り誤差に関する脆弱性

Title	SQLite における数値打ち切り誤差に関する脆弱性
Summary	SQLite には、数値打ち切り誤差に関する脆弱性が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダアドバイザリまたはパッチ情報が公開されています。参考情報を参照して適切な対策を実施してください。
Publication Date	July 15, 2025, midnight
Registration Date	July 23, 2025, 3:51 p.m.
Last Update	July 23, 2025, 3:51 p.m.

Affected System

SQLite

SQLite 3.50.2 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2025-6965	https://www.cve.org/CVERecord?id=CVE-2025-6965
National Vulnerability Database (NVD)
2	CVE-2025-6965	https://nvd.nist.gov/vuln/detail/CVE-2025-6965

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-197	https://cwe.mitre.org/data/definitions/197.html

その他

No	Name	URL
関連文書
1	www.sqlite.org (5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8)	https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8

Change Log

No	Changed Details	Date of change
1	[2025年07月23日] 掲載	July 23, 2025, 3:50 p.m.