CVE-2025-7458 Information

Description

An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attacker with the ability to execute arbitrary SQL statements to cause a denial of service or disclose sensitive information from process memory via a crafted SELECT statement with a large number of expressions in the ORDER BY clause.

Reference

https://sqlite.org/forum/forumpost/16ce2bb7a639e29b https://sqlite.org/src/info/12ad822d9b827777

Related CNNVD

CNNVD-202507-3563 (Published: 2025-07-29)