Skip to main content

SQLite CVE-2025-70873

HIGH
Improper Clearing of Heap Memory Before Release ('Heap Inspection') (CWE-244)
2026-03-12 cve@mitre.org
Information Disclosure
7.5
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

4
Re-analysis Queued
Apr 16, 2026 - 21:22 vuln.today
cvss_changed
Patch released
Apr 09, 2026 - 08:30 nvd
Patch available
Analysis Generated
Mar 12, 2026 - 19:57 vuln.today
CVE Published
Mar 12, 2026 - 19:16 nvd
HIGH 7.5

DescriptionNVD

An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.

AnalysisAI

SQLite's zipfile extension contains a bug in the zipfileInflate function that leaks heap memory contents when processing specially crafted ZIP files. This affects SQLite version 3.51.1 and earlier installations that use the zipfile extension. An attacker can exploit this by providing a malicious ZIP file to read sensitive data from the application's memory, potentially exposing passwords, encryption keys, or other confidential information.

Technical ContextAI

exists in the zipfileInflate component. An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.

RemediationAI

Monitor vendor advisories for a patch.

Vendor StatusVendor

Share

CVE-2025-70873 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy