CVE-2022-35737

HIGH

SQLite 1.0.12-3.39.x - Array Index Overflow via String Argument to C API

Exploitation Summary

EIP tracks 2 public exploits for CVE-2022-35737. PoCs published by gmh5225, rvermeulen.

Description

SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.

Exploits (2)

nomisec WORKING POC 12 stars
by gmh5225 · poc
https://github.com/gmh5225/CVE-2022-35737

This repository contains functional proof-of-concept code demonstrating an integer overflow vulnerability in SQLite3's `sqlite3_str_vappendf` function (CVE-2022-35737). The PoCs include crashes, controlled stack corruption, and livelock scenarios, with a Dockerfile for easy reproduction.

Classification: Working PoC 100%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: SQLite3 versions 1.0.12 to 3.39.1
No auth needed
Prerequisites: 64-bit system · SQLite3 compiled without stack canaries for RCE
devstral-2 · analyzed Feb 18, 2026

nomisec WRITEUP 1 star
by rvermeulen · poc
https://github.com/rvermeulen/codeql-cve-2022-35737

This repository contains CodeQL queries and test cases for analyzing CVE-2022-35737, a buffer overflow vulnerability. It includes a test case demonstrating incorrect buffer handling but does not provide a functional exploit.

Classification: Writeup 90%
Attack Type: Other
Complexity: Moderate
Reliability: Theoretical
Target: Unknown (CodeQL analysis for CVE-2022-35737)
No auth needed
Prerequisites: CodeQL environment · CVE-2022-35737 affected software
devstral-2 · analyzed Feb 18, 2026

References (6)

Core References
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202210-40
Broken Link, Third Party Advisory, US Government Resource
https://kb.cert.org/vuls/id/720344
Release Notes, Vendor Advisory
https://sqlite.org/releaselog/3_39_2.html

Scores

CVSS v3 7.5
EPSS 0.5428
EPSS Percentile 98.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-129
Status published
Products (5)
crates.io/libsqlite3-sys 0 - 0.25.1
netapp/ontap_select_deploy_administration_utility
splunk/universal_forwarder 9.1.0
splunk/universal_forwarder 8.2.0 - 8.2.12
sqlite/sqlite 1.0.12 - 3.39.2
Published Aug 03, 2022
Tracked Since Feb 18, 2026