Skip to main content

SQLite EUVD-2026-35794

| CVE-2026-11822 HIGH
Heap-based Buffer Overflow (CWE-122)
2026-06-09 VulnCheck GHSA-6qj8-gw6p-hc5p
Heap Overflow Buffer Overflow RCE Sqlite
8.5
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
8.5 HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (VulnCheck) · only source for this CVE.

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
P
Scope
X

Lifecycle Timeline

5
Analysis Updated
Jun 09, 2026 - 20:44 vuln.today
v3 (cvss_changed)
Analysis Updated
Jun 09, 2026 - 20:43 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jun 09, 2026 - 20:22 vuln.today
cvss_changed
CVSS changed
Jun 09, 2026 - 20:22 NVD
7.8 (HIGH) 8.5 (HIGH)
Analysis Generated
Jun 09, 2026 - 20:09 vuln.today

DescriptionCVE.org

SQLite before 3.53.2 contains memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause process crashes, memory exhaustion, or arbitrary code execution by supplying a crafted database with malformed FTS5 page data. Attackers can trigger an out-of-bounds read in fts5LeafSeek() via an attacker-controlled loop bound and a heap buffer overflow write in fts5ChunkIterate() through a crafted continuation page causing an integer underflow, exploitable when an FTS5 MATCH query is executed against the malicious database.

AnalysisAI

Memory corruption in SQLite versions before 3.53.2 enables attackers to crash processes, exhaust memory, or potentially execute arbitrary code by supplying a crafted database that triggers flaws in the FTS5 full-text search extension when a MATCH query runs. The CVSS 4.0 vector indicates local attack vector with passive user interaction required, and no public exploit identified at time of analysis. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Craft malicious SQLite database with malformed FTS5 pages
Delivery
Deliver file via email, download, or sync
Exploit
Victim opens file in vulnerable application
Install
Application issues FTS5 MATCH query
C2
Integer underflow triggers heap overflow in fts5ChunkIterate()
Execute
Hijack control flow in application process
Impact
Execute arbitrary code with user privileges
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Exploitation requires the target application to (1) link a SQLite build with FTS5 compiled in (the upstream default), (2) open an attacker-supplied or attacker-tampered database file, and (3) execute an FTS5 MATCH query against the malicious FTS5 index - typically via normal application logic that searches the opened database. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 base score of 8.5 reflects local attack vector (AV:L) with low complexity, no privileges, and passive user interaction (UI:P) leading to high confidentiality, integrity, and availability impact on the vulnerable component. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker crafts a malicious SQLite database file containing malformed FTS5 segment pages and delivers it via email attachment, file share, sync service, or download. When a user opens the file in an application that runs an FTS5 MATCH query against the embedded index - for example a desktop mail client, password manager, browser profile import, or forensic tool - the integer underflow in fts5ChunkIterate() corrupts the heap and may be steered toward arbitrary code execution in the application's process. …
Remediation Vendor-released patch: SQLite 3.53.2; upgrade the SQLite library used by the application or operating system to 3.53.2 or later, referencing the upstream commits at https://sqlite.org/src/info/061febcf41ca and https://sqlite.org/src/info/4a5ad516ea93 and the release notes at https://sqlite.org/releaselog/3_53_2.html. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: Audit all production systems and applications to identify SQLite deployments with FTS5 extension enabled. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-11824 HIGH
8.5 Jun 09

Heap-based buffer overflow in SQLite's FTS5 full-text search extension (versions before 3.53.2) allows attackers to cras

Share

EUVD-2026-35794 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy