Skip to main content

Sqlite CVE-2025-70873

HIGH
Improper Clearing of Heap Memory Before Release ('Heap Inspection') (CWE-244)
2026-03-12 cve@mitre.org
High
Disputed · 7.5 NVD
Share

Severity by source

Sources disagree (Low–High)
NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
SUSE
HIGH
qualitative
Red Hat
3.3 LOW
qualitative

vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

4
Re-analysis Queued
Apr 16, 2026 - 21:22 vuln.today
cvss_changed
Patch released
Apr 09, 2026 - 08:30 nvd
Patch available
Analysis Generated
Mar 12, 2026 - 19:57 vuln.today
CVE Published
Mar 12, 2026 - 19:16 nvd
HIGH 7.5

DescriptionCVE.org

An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.

AnalysisAI

SQLite's zipfile extension contains a bug in the zipfileInflate function that leaks heap memory contents when processing specially crafted ZIP files. This affects SQLite version 3.51.1 and earlier installations that use the zipfile extension. An attacker can exploit this by providing a malicious ZIP file to read sensitive data from the application's memory, potentially exposing passwords, encryption keys, or other confidential information.

Technical ContextAI

exists in the zipfileInflate component. An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.

RemediationAI

Monitor vendor advisories for a patch.

More in Sqlite

View all
CVE-2015-5895 CRITICAL POC
10.0 Sep 18

Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown impact and a

CVE-2017-10989 CRITICAL
9.8 Jul 07

The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles u

CVE-2025-6965 HIGH POC
7.2 Jul 15

Memory corruption in SQLite versions before 3.50.2 allows network-based attackers with low privileges to manipulate aggr

CVE-2019-5018 HIGH POC
8.1 May 10

An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. Rated high se

CVE-2018-20346 HIGH POC
8.1 Dec 21

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow)

CVE-2017-15286 HIGH POC
7.5 Oct 12

SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases wh

CVE-2022-35737 HIGH POC
7.5 Aug 03

SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a

CVE-2021-36690 HIGH POC
7.5 Aug 24

A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo functi

CVE-2020-13871 HIGH POC
7.5 Jun 06

SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions i

CVE-2020-11655 HIGH POC
7.5 Apr 09

SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function

CVE-2023-7104 HIGH POC
7.3 Dec 29

A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical.c of the component make alltest Hand

CVE-2022-46908 HIGH POC
7.3 Dec 12

SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the

Vendor StatusVendor

SUSE

Severity: High
Product Status
Container suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.147 Container suse/sl-micro/6.0/base-os-container:2.1.3-7.113 Container suse/sl-micro/6.0/kvm-os-container:2.1.3-6.132 Container suse/sl-micro/6.0/rt-os-container:2.1.3-7.145 Container suse/sl-micro/6.0/toolbox:13.2-9.81 Container suse/sl-micro/6.1/baremetal-os-container:2.2.1-7.77 Container suse/sl-micro/6.1/base-os-container:2.2.1-5.99 Container suse/sl-micro/6.1/kvm-os-container:2.2.1-5.103 Container suse/sl-micro/6.1/rt-os-container:2.2.1-5.91 Image SUSE-Multi-Linux-Manager-Proxy-BYOS-EC2 Image SUSE-Multi-Linux-Manager-Server-Azure-ltd Image SUSE-Multi-Linux-Manager-Server-BYOS-EC2 Affected
Container suse/sle-micro-rancher/5.2:latest Container suse/sle-micro/5.2/toolbox:14.2-7.11.264 Container suse/sle-micro/base-5.5:latest Container suse/sle-micro/kvm-5.5:latest Affected
Image SLES15-SP5-SAP-Azure-LI-BYOS Image SLES15-SP5-SAP-Azure-LI-BYOS-Production Image SLES15-SP5-SAP-Azure-VLI-BYOS Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production Image SLES15-SP7-SAP-Azure-LI-BYOS-Production Image SLES15-SP7-SAP-Azure-VLI-BYOS-Production Image SLES15-SP7-SAP-EC2 Affected
SUSE Linux Enterprise Desktop 15 SP7 SUSE Linux Enterprise High Performance Computing 15 SP7 SUSE Linux Enterprise Module for Basesystem 15 SP7 SUSE Linux Enterprise Server 15 SP7 SUSE Linux Enterprise Server for SAP Applications 15 SP7 Fixed
SUSE Linux Enterprise Micro 5.2 Fixed

Share

CVE-2025-70873 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy