CVE-2022-35737

HIGHScheduled

Published:Aug 3, 2022(3 years ago)

Modified:Feb 13, 2026

Remote ExploitNo Auth RequiredNo InteractionLow Complexity

Vulnerability Description

SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.

Attack Characteristics

Network AccessLow ComplexityNo Auth NeededNo User Interaction

🤖

AI analysis not yet available

Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.

No Fix Known

No patch has been released yet. Apply workarounds or mitigations where available.

Affected Software

Vendor	Product	Versions	Fixed In
sqlite	sqlite	1.0.12 - 3.39.2	-
netapp	ontap_select_deploy_administration_utility	-	-
splunk	universal_forwarder

Timeline

Published
CVE disclosed publicly
Aug 3, 20223 years ago
Last Modified
Most recent update
Feb 13, 20263 months ago
Indexed to CVEInsight
Added to this platform
Mar 29, 20261 month ago

References

https://blog.trailofbits.com/2022/10/25/sqlite-vulnerability-july-2022...Exploit
https://kb.cert.org/vuls/id/720344Broken Link
https://security.gentoo.org/glsa/202210-40Third Party Advisory

CVSS Score

v3.1

7.5/ 10.0

HIGH

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

At a Glance

Affected Products

References

sqlite / sqlite

CVE-2022-35737

Vulnerability Description

Attack Characteristics

Affected Software

Timeline

References

CVSS Score

At a Glance

Official Sources

CVSS v3 Vector

Impact Analysis

CVE-2022-35737

✦ Vulnerability Description

Attack Characteristics

Affected Software

Timeline

References

CVSS Score

At a Glance

Official Sources

CVSS v3 Vector

Impact Analysis

Vulnerability Description