Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Micro 5.2 package sqlite3, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (10)
CVE-2025-3277 — CVSS 9.8 (critical): An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a…
CVE-2023-2137 — CVSS 8.8 (high): Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption…
CVE-2025-6965 — CVSS 7.7 (high): There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns…
CVE-2021-36690 — CVSS 7.5 (high): A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a…
CVE-2025-70873 — CVSS 7.5 (high): An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to…
CVE-2022-35737 — CVSS 7.5 (high): SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to…
CVE-2022-46908 — CVSS 7.3 (high): SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the…
CVE-2025-7709: An integer overflow exists in the FTS5 https://sqlite.org/fts5.html extension. It occurs when the size of an array of tombstone pointers is…
CVE-2025-29088 — CVSS 5.6 (medium): In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service…
CVE-2025-29087 — CVSS 3.2 (low): In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the end of a…