CRITICAL 9.8
GHSA-2m69-gcr7-jv3q
SQLitePCLRaw.lib.e_sqlite3 has a vulnerable dependency on SQLite
Details
There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.
Are you affected?
Enter the version of the package you're using.
Affected packages
NuGet / SQLitePCLRaw.lib.e_sqlite3
Introduced in:
0 No fixed version published yet for SQLitePCLRaw.lib.e_sqlite3 (nuget). Pin to a known-safe version or switch to an alternative.
NuGet / SQLitePCLRaw.lib.e_sqlite3.android
Introduced in:
0 No fixed version published yet for SQLitePCLRaw.lib.e_sqlite3.android (nuget). Pin to a known-safe version or switch to an alternative.
NuGet / SQLitePCLRaw.lib.e_sqlite3.ios
Introduced in:
0 No fixed version published yet for SQLitePCLRaw.lib.e_sqlite3.ios (nuget). Pin to a known-safe version or switch to an alternative.
References
- https://github.com/google/security-research/security/advisories/GHSA-qj7j-3jp8-8ccv [WEB]
- https://nvd.nist.gov/vuln/detail/CVE-2025-6965 [ADVISORY]
- https://github.com/github/advisory-database/pull/7675 [WEB]
- https://cert-portal.siemens.com/productcert/html/ssa-225816.html [WEB]
- https://cert-portal.siemens.com/productcert/html/ssa-485750.html [WEB]
- https://github.com/ericsink/SQLitePCL.raw [PACKAGE]
- https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 [WEB]
- http://seclists.org/fulldisclosure/2025/Sep/49 [WEB]
- http://seclists.org/fulldisclosure/2025/Sep/53 [WEB]
- http://seclists.org/fulldisclosure/2025/Sep/56 [WEB]
- http://seclists.org/fulldisclosure/2025/Sep/57 [WEB]
- http://seclists.org/fulldisclosure/2025/Sep/58 [WEB]
- http://www.openwall.com/lists/oss-security/2025/09/06/1 [WEB]