CVE-2025-7458
Public on 2025-07-29
Modified on 2025-07-30
Description
An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attacker with the ability to execute arbitrary SQL statements to cause a denial of service or disclose sensitive information from process memory via a crafted SELECT statement with a large number of expressions in the ORDER BY clause.
Severity
CVSS v3 Base Score
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2 - Firefox Extra | firefox | | | Not Affected |
| Amazon Linux 2023 | firefox | | | Not Affected |
| Amazon Linux 2023 | nodejs | | | Not Affected |
| Amazon Linux 2 - Core | nss | | | Not Affected |
| Amazon Linux 2023 | nss | | | Not Affected |
| Amazon Linux 1 | sqlite | | | No Fix Planned |
| Amazon Linux 2 - Core | sqlite | | | Not Affected |
| Amazon Linux 2023 | sqlite | | | Pending Fix |
| Amazon Linux 2 - Core | thunderbird | | | Not Affected |
CVSS Scores
| | Score Type | Score | Vector |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 6.1 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H |