Security Advisory Description
SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API. (CVE-2022-35737)
Impact
An authenticated remote attacker can exploit this vulnerability by sending a specially crafted large input to the application to perform a denial-of-service (DoS) attack against the SQLite component. There is no data plane exposure; this is a control plane issue only.
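To check an inventory against the affected range given in the description (1.0.12 through 3.39.x before 3.39.2), the following added example, which is not part of the advisory, parses SQLite version strings and classifies them. The inventory names and versions are constructed for illustration.

```python
import re
import sqlite3

# Affected range as stated in the advisory: 1.0.12 through 3.39.x before 3.39.2.
FIRST_AFFECTED = (1, 0, 12)
FIRST_FIXED = (3, 39, 2)


def parse_sqlite_version(text):
    """Parse 'X.Y', 'X.Y.Z' or 'X.Y.Z.W' into a tuple of ints.

    Trailing text (such as a build date after the version) is ignored.
    """
    match = re.match(r"\s*(\d+(?:\.\d+){1,3})\b", text)
    if match is None:
        raise ValueError(f"not a SQLite version string: {text!r}")
    parts = tuple(int(p) for p in match.group(1).split("."))
    # Pad to three components so '3.39' compares as 3.39.0.
    return parts + (0,) * (3 - len(parts))


def is_affected(version_text):
    """True if the version lies in [1.0.12, 3.39.2)."""
    return FIRST_AFFECTED <= parse_sqlite_version(version_text) < FIRST_FIXED


def audit(inventory):
    """Map each component name to 'affected', 'not affected' or 'unknown'."""
    report = {}
    for name, version_text in inventory.items():
        try:
            report[name] = "affected" if is_affected(version_text) else "not affected"
        except ValueError:
            report[name] = "unknown"  # unparseable entry: review by hand
    return report


if __name__ == "__main__":
    # Constructed inventory; names and versions are illustrative only.
    inventory = {
        "mgmt-host-a": "3.39.1",
        "mgmt-host-b": "3.39.2",
        "legacy-tool": "3.8.11.1",
        "appliance-x": "n/a",
        # The SQLite library this Python interpreter is linked against.
        "this interpreter": sqlite3.sqlite_version,
    }
    for name, verdict in audit(inventory).items():
        print(f"{name:18} {inventory[name]:10} {verdict}")
```

A vendor may backport the fix without changing the reported version number, so treat an "affected" verdict as a prompt to check the vendor's own fix status.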