DEV Community

CVE Reports
CVE Reports

Posted on • Originally published at cvereports.com

CVE-2025-6965: CVE-2025-6965: Remote Code Execution via Integer Truncation in SQLite Aggregate Parser

CVE-2025-6965: Remote Code Execution via Integer Truncation in SQLite Aggregate Parser

Vulnerability ID: CVE-2025-6965
CVSS Score: 7.7
Published: 2025-07-15

An integer truncation vulnerability (CWE-197) exists in SQLite before version 3.50.2 during the processing of aggregate queries with more than 32,767 distinct column references. This causes an internal 32-bit counter to truncate to a signed 16-bit integer, producing negative values that cause out-of-bounds heap operations in release builds.

TL;DR

Integer truncation in SQLite's aggregate query compiler allows remote code execution or denial of service through out-of-bounds heap reads and writes when processing queries with over 32,767 unique columns.


⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-197
  • Attack Vector: Network (AV:N)
  • CVSS Score: 7.7 (High)
  • EPSS Score: 0.73495 (99.40th percentile)
  • Impact: Memory Corruption / Remote Code Execution
  • Exploit Status: PoC Available
  • KEV Status: Not listed

Affected Systems

  • SQLite Database Engine
  • Apple iOS
  • Apple macOS
  • Apple watchOS
  • Apple tvOS
  • Apple iPadOS
  • Apple visionOS
  • Siemens Ruggedcom Crossbow
  • Siemens SIDIS Prime

Exploit Details

Mitigation Strategies

  • Upgrade native SQLite binaries to 3.50.2 or newer
  • Filter incoming SQL query strings to reject abnormally large or highly complex column expressions
  • Enable compiler warnings for implicit truncation inside native compilation pipelines

Remediation Steps:

  1. Identify all systems executing native SQLite binaries, including packaged wrappers like NuGet SQLitePCLRaw.
  2. Apply the vendor security updates or replace library components with 3.50.2 compliant versions.
  3. Verify runtime checks in non-debug release builds to ensure error checking functions handle oversized query limits safely.

References


Read the full report for CVE-2025-6965 on our website for more details including interactive diagrams and full exploit analysis.

Top comments (0)