Main Vulnerability Database SB2025060215

SB2025060215 - SUSE update for sqlite3

Published: June 2, 2025

Security Bulletin ID SB2025060215

Severity

Medium

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Integer overflow (CVE-ID: CVE-2025-29087)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow within the concat_ws() function. A remote attacker who can control the separator argument can pass an on overly large string to the application and perform a denial of service (DoS) attack.

2) Integer overflow (CVE-ID: CVE-2025-29088)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow within the sqlite3_db_config() function. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and crash the application.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2025/suse-su-202501456-1/

Vulnerable Software

Basesystem Module: 15-SP7
SUSE Linux Enterprise Real Time 15: SP7
SUSE Linux Enterprise Server for SAP Applications 15: SP7
SUSE Linux Enterprise Server 15: SP7
SUSE Linux Enterprise Desktop 15: SP7
libsqlite3-0-32bit: before 3.49.1-150000.3.27.1
libsqlite3-0-32bit-debuginfo: before 3.49.1-150000.3.27.1
libsqlite3-0: before 3.49.1-150000.3.27.1
libsqlite3-0-debuginfo: before 3.49.1-150000.3.27.1
sqlite3-tcl: before 3.49.1-150000.3.27.1
sqlite3-debugsource: before 3.49.1-150000.3.27.1
sqlite3-devel: before 3.49.1-150000.3.27.1
sqlite3-tcl-debuginfo: before 3.49.1-150000.3.27.1
sqlite3: before 3.49.1-150000.3.27.1
sqlite3-debuginfo: before 3.49.1-150000.3.27.1