Memory corruption in SQLite versions before 3.50.2 allows network-based attackers with low privileges to manipulate aggregate queries causing integrity impacts. The vulnerability stems from improper validation of aggregate terms against available columns (CWE-197), leading to buffer overflow conditions. CVSS 7.2 (High) with network attack vector but high complexity and partial attack complexity requirements. Vendor-released patch available in SQLite 3.50.2. No confirmed active exploitation (not in CISA KEV), though multiple security advisories from Siemens and OSS-security mailing lists indicate broad downstream impact across industrial control systems and embedded products using SQLite.
Buffer Overflow
Sqlite
NVD
Exploit-DB
VulDB
CVSS 4.0
7.2
EPSS
1.5%
Threat
5.0