Security Advisory

CVE-2025-3277

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-04-14 16:50:48

Last updated 2025-05-27 14:42:04

Assigner Google

State PUBLISHED

Description

An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.

← Browse all CVEs View on cve.org ↗