OESA-2026-1770

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-1770

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2026-1770.json

JSON Data

https://api.test.osv.dev/v1/vulns/OESA-2026-1770

Upstream

CVE-2025-6965

CVE-2025-70873

Published

2026-03-27T14:07:45Z

Modified

2026-03-27T14:19:10.739902Z

Summary

sqlite security update

Details

SQLite is a C-language library that implements a small, fast, self-contained, high-reliability, full-featured, SQL database engine. SQLite is the most used database engine in the world. SQLite is built into all mobile phones and most computers and comes bundled inside countless other applications that people use every day.It also include lemon and sqlite3_analyzer and tcl tools.

Security Fix(es):

There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.(CVE-2025-6965)

An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.(CVE-2025-70873)

Database specific

{
    "severity": "Critical"
}

References

Affected packages

openEuler:22.03-LTS-SP4 / sqlite

Package

Name: sqlite
Purl: pkg:rpm/openEuler/sqlite&distro=openEuler-22.03-LTS-SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.37.2-8.oe2203sp4

Ecosystem specific

{
    "noarch": [
        "sqlite-help-3.37.2-8.oe2203sp4.noarch.rpm"
    ],
    "aarch64": [
        "sqlite-3.37.2-8.oe2203sp4.aarch64.rpm",
        "sqlite-debuginfo-3.37.2-8.oe2203sp4.aarch64.rpm",
        "sqlite-debugsource-3.37.2-8.oe2203sp4.aarch64.rpm",
        "sqlite-devel-3.37.2-8.oe2203sp4.aarch64.rpm"
    ],
    "x86_64": [
        "sqlite-3.37.2-8.oe2203sp4.x86_64.rpm",
        "sqlite-debuginfo-3.37.2-8.oe2203sp4.x86_64.rpm",
        "sqlite-debugsource-3.37.2-8.oe2203sp4.x86_64.rpm",
        "sqlite-devel-3.37.2-8.oe2203sp4.x86_64.rpm"
    ],
    "src": [
        "sqlite-3.37.2-8.oe2203sp4.src.rpm"
    ]
}

Database specific

source

"https://repo.openeuler.org/security/data/osv/OESA-2026-1770.json"