CVE-2022-35737

HIGH

SQLite <3.39.2 - Buffer Overflow

Title source: llm

Description

SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.

Exploits (2)

nomisec WORKING POC 12 stars
by gmh5225 · poc
https://github.com/gmh5225/CVE-2022-35737
nomisec WRITEUP 1 star
by rvermeulen · poc
https://github.com/rvermeulen/codeql-cve-2022-35737

Scores

CVSS v3 7.5
EPSS 0.5194
EPSS Percentile 97.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-129
Status published
Products (5)
crates.io/libsqlite3-sys 0 - 0.25.1 (crates.io)
netapp/ontap_select_deploy_administration_utility
splunk/universal_forwarder 9.1.0
splunk/universal_forwarder 8.2.0 - 8.2.12
sqlite/sqlite 1.0.12 - 3.39.2
Published Aug 03, 2022
Tracked Since Feb 18, 2026