Source: sqlite3
Version: 3.46.1-7
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi Laszlo,
The following vulnerability was published for sqlite3.
CVE-2025-7709[0]:
| Integer Overflow in FTS5 Extension
I think the issue is as well present before bd0e3ed522a1 ("Use
flexible arrays whereever appropriate in FTS5.") which is afaics only
in version-3.50.0 onwards itself. This would be somehow in line with
[1] which claims at least 3.49.1 is affected as well.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-7709
https://www.cve.org/CVERecord?id=CVE-2025-7709
[1] https://github.com/google/security-research/security/advisories/GHSA-v2c8-vqqp-hv3g
[2] https://sqlite.org/src/info/63595b74956a9391
https://github.com/sqlite/sqlite/commit/192d0ff8ccf0bf55776a5930cdc64e25f87299d6
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore