CVE Vulnerabilities

CVE-2025-6965

Numeric Truncation Error

Published: Jul 15, 2025 | Modified: Nov 04, 2025
CVSS 3.x
9.8
CRITICAL
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
7.7 IMPORTANT
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L
Ubuntu
MEDIUM
root.io logo minimus.io logo echo.ai logo

There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.

Weakness

Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion.

Affected Software

NameVendorStart VersionEnd Version
SqliteSqlite*3.50.2 (excluding)
Red Hat Enterprise Linux 10RedHatsqlite-0:3.46.1-5.el10_0*
Red Hat Enterprise Linux 7 Extended Lifecycle SupportRedHatsqlite-0:3.7.17-9.el7_9.1*
Red Hat Enterprise Linux 8RedHatnodejs:22-8100020250717142920.6d880403*
Red Hat Enterprise Linux 8RedHatsqlite-0:3.26.0-20.el8_10*
Red Hat Enterprise Linux 8RedHatmingw-sqlite-0:3.26.0.0-2.el8_10*
Red Hat Enterprise Linux 8RedHatsqlite-0:3.26.0-20.el8_10*
Red Hat Enterprise Linux 8.2 Advanced Update SupportRedHatsqlite-0:3.26.0-6.el8_2.1*
Red Hat Enterprise Linux 8.2 Advanced Update SupportRedHatspice-client-win-0:8.10-3.el8_2.1*
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRedHatsqlite-0:3.26.0-13.el8_4.1*
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRedHatspice-client-win-0:8.10-3.el8_4.1*
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRedHatsqlite-0:3.26.0-13.el8_4.1*
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRedHatspice-client-win-0:8.10-3.el8_4.1*
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRedHatsqlite-0:3.26.0-16.el8_6.3*
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRedHatspice-client-win-0:8.10-3.el8_6.1*
Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRedHatsqlite-0:3.26.0-16.el8_6.3*
Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRedHatspice-client-win-0:8.10-3.el8_6.1*
Red Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRedHatsqlite-0:3.26.0-16.el8_6.3*
Red Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRedHatspice-client-win-0:8.10-3.el8_6.1*
Red Hat Enterprise Linux 8.8 Telecommunications Update ServiceRedHatsqlite-0:3.26.0-18.el8_8.2*
Red Hat Enterprise Linux 8.8 Telecommunications Update ServiceRedHatspice-client-win-0:8.10-3.el8_8.1*
Red Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRedHatsqlite-0:3.26.0-18.el8_8.2*
Red Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRedHatspice-client-win-0:8.10-3.el8_8.1*
Red Hat Enterprise Linux 9RedHatnodejs:22-9060020250721113755.rhel9*
Red Hat Enterprise Linux 9RedHatsqlite-0:3.34.1-8.el9_6*
Red Hat Enterprise Linux 9RedHatsqlite-0:3.34.1-9.el9_7*
Red Hat Enterprise Linux 9RedHatsqlite-0:3.34.1-8.el9_6*
Red Hat Enterprise Linux 9RedHatsqlite-0:3.34.1-9.el9_7*
Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRedHatsqlite-0:3.34.1-5.el9_0.1*
Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRedHatsqlite-0:3.34.1-6.el9_2.2*
Red Hat Enterprise Linux 9.4 Extended Update SupportRedHatsqlite-0:3.34.1-7.el9_4.1*
Red Hat OpenShift Container Platform 4.12RedHatrhcos-412.86.202510291903-0*
Red Hat OpenShift Container Platform 4.13RedHatrhcos-413.92.202510150118-0*
Red Hat OpenShift Container Platform 4.14RedHatrhcos-414.92.202510211419-0*
Red Hat OpenShift Container Platform 4.17RedHatrhcos-417.94.202510112152-0*
Red Hat OpenShift Container Platform 4.18RedHatrhcos-418.94.202510230424-0*
Red Hat OpenShift Container Platform 4.19RedHatrhcos-4.19.9.6.202510140714-0*
Red Hat OpenShift Container Platform 4.20RedHatrhcos-4.20.9.6.202509251656-0*
Red Hat Web Terminal 1.11 on RHEL 9RedHatweb-terminal/web-terminal-rhel9-operator:1.11-19*
Red Hat Web Terminal 1.11 on RHEL 9RedHatweb-terminal/web-terminal-tooling-rhel9:1.11-8*
Red Hat Web Terminal 1.12 on RHEL 9RedHatweb-terminal/web-terminal-tooling-rhel9:1.12-4*
RHOSS-1.36-RHEL-8RedHatopenshift-serverless-1/logic-data-index-ephemeral-rhel8:1.36.0-11*
RHOSS-1.36-RHEL-8RedHatopenshift-serverless-1/logic-data-index-postgresql-rhel8:1.36.0-11*
RHOSS-1.36-RHEL-8RedHatopenshift-serverless-1/logic-db-migrator-tool-rhel8:1.36.0-11*
RHOSS-1.36-RHEL-8RedHatopenshift-serverless-1/logic-jobs-service-ephemeral-rhel8:1.36.0-10*
RHOSS-1.36-RHEL-8RedHatopenshift-serverless-1/logic-jobs-service-postgresql-rhel8:1.36.0-10*
RHOSS-1.36-RHEL-8RedHatopenshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8:1.36.0-4*
RHOSS-1.36-RHEL-8RedHatopenshift-serverless-1/logic-management-console-rhel8:1.36.0-9*
RHOSS-1.36-RHEL-8RedHatopenshift-serverless-1/logic-operator-bundle:1.36.0-12*
RHOSS-1.36-RHEL-8RedHatopenshift-serverless-1/logic-rhel8-operator:1.36.0-18*
RHOSS-1.36-RHEL-8RedHatopenshift-serverless-1/logic-swf-builder-rhel8:1.36.0-11*
RHOSS-1.36-RHEL-8RedHatopenshift-serverless-1/logic-swf-devmode-rhel8:1.36.0-7*
Cert-manager operator for Red Hat OpenShift 1.16RedHatcert-manager/jetstack-cert-manager-rhel9:sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b*
Compliance Operator 1RedHatcompliance/openshift-compliance-content-rhel8:sha256:0642196267bef5bc68c20a5ee4d35c5dd139fbb00a905578a85cab5e220f445a*
Compliance Operator 1RedHatcompliance/openshift-compliance-must-gather-rhel8:sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e*
Compliance Operator 1RedHatcompliance/openshift-compliance-openscap-rhel8:sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41*
Compliance Operator 1RedHatcompliance/openshift-compliance-rhel8-operator:sha256:525c4d55fde92557bd0c3123961cb32eee28edca3aaa884e224d5efa4f3c4f83*
File Integrity Operator 1RedHatcompliance/openshift-file-integrity-rhel8-operator:sha256:86d2378dea6c26da92e19e1a8dc9c9fb0fa8587fd60f83e6cc4503153e753db9*
Red Hat Advanced Cluster Security 4.7RedHatadvanced-cluster-security/rhacs-collector-rhel8:sha256:e3444345f04c1569ec97530ddd6b6e4ccd38a2887d500054ac93f76f54c07aa8*
Red Hat AI Inference Server 3.2RedHatrhaiis/vllm-cuda-rhel9:sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b*
Red Hat AI Inference Server 3.2RedHatrhaiis/vllm-rocm-rhel9:sha256:7856bdb7ae0d643a7b9362c164d4d4fe3c0c7186f5fff73a7ae9835b3df52e57*
Red Hat AI Inference Server 3.2RedHatrhaiis/model-opt-cuda-rhel9:sha256:dce6b0ea03379bf06664a5200af8b5f5ae3fad13cdce6d21873843f22554800b*
Red Hat Ceph Storage 7RedHatrhceph/rhceph-7-rhel9:sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631*
Red Hat Ceph Storage 8RedHatrhceph/rhceph-8-rhel9:sha256:08f8552a0a56a47ab606bed47b603e3d2aedaa389d4a5df4dbfa06acee85c0c0*
Red Hat Ceph Storage 8RedHatrhceph/rhceph-8-rhel9:sha256:97a60239048123bc963d7c9ac2ad85caa6a254759e44c15f173ca12ea51e4719*
Red Hat Discovery 2RedHatdiscovery/discovery-server-rhel9:sha256:c517869dacaf4d3650310d4a52e83706e0b311d6ebb4a9b37b1c7acff5c142ec*
Red Hat Discovery 2RedHatdiscovery/discovery-server-rhel9:sha256:b4683720677a1e45efbfd291d8b130b530642221e8a55a49e931e1b8b2c81ac3*
Red Hat Discovery 2RedHatdiscovery/discovery-ui-rhel9:sha256:310df392f638ef6eca1a26db024ae2cb617db5932f886d2acddc92fb7289e740*
Red Hat Insights proxy 1.5RedHatinsights-proxy/insights-proxy-container-rhel9:sha256:c26d589f12647890b67aaa986f54d3f7c6f7f2563fb5a73f38d559e6138739d7*
Red Hat Insights proxy 1.5RedHatinsights-proxy/insights-proxy-container-rhel9:sha256:1d72e553fe5a7696e600dc8fd2fe9050ba1992fa190bea622134ca7bfce7bb0d*
SqliteUbuntuupstream*
Sqlite3Ubuntudevel*
Sqlite3Ubuntuesm-infra-legacy/trusty*
Sqlite3Ubuntuesm-infra/bionic*
Sqlite3Ubuntuesm-infra/focal*
Sqlite3Ubuntuesm-infra/xenial*
Sqlite3Ubuntujammy*
Sqlite3Ubuntunoble*
Sqlite3Ubuntuplucky*
Sqlite3Ubuntuquesting*

Potential Mitigations

References