Apr 8, 2026·7 min read·47 visits
The SQLite FTS5 extension contains an integer overflow flaw (CVE-2025-7709) causing an out-of-bounds write of tombstone pointers due to a 64-bit to 32-bit truncation during memory allocation.
An integer overflow vulnerability exists in the SQLite Full-Text Search (FTS5) extension, leading to a heap-based out-of-bounds write. The flaw occurs due to a truncation error when calculating the memory allocation size for tombstone pointers. This vulnerability affects SQLite versions 3.49.1 up to but not including 3.50.3.
The SQLite Full-Text Search version 5 (FTS5) extension contains an integer overflow vulnerability resulting in a heap-based out-of-bounds write. The extension provides full-text search capabilities for database applications, exposing a virtual table interface that parses and indexes textual data. This interface handles the deletion of rows by creating internal markers within the index structure.
The vulnerability is classified under CWE-190 (Integer Overflow or Wraparound). It specifically manifests during the memory allocation phase for an array of tombstone pointers used to track these deleted records. The calculation logic determines the required buffer size based on the number of deleted rows present in the system.
When processing an unusually large number of tombstones, the calculated size exceeds the maximum value representable by a 32-bit signed integer. The resulting size is truncated, leading to an insufficient memory allocation. Subsequent operations write pointer data beyond the boundaries of this undersized heap buffer.
This memory corruption primitive allows an attacker to overwrite adjacent heap metadata or application data with partially controlled pointer values. The impact heavily depends on the execution environment but compromises the integrity and stability of the host process.
The FTS5 module implements full-text search by creating a set of underlying shadow tables for every virtual table defined by the user. These shadow tables store the actual index data, vocabulary lists, and configuration parameters. When a user executes a database deletion operation against the virtual table, FTS5 does not immediately traverse the entire index to remove the corresponding terms.
Instead, the extension employs a lazy deletion mechanism. It records the deleted row identifiers using internal memory structures referred to as tombstones. During subsequent queries or index optimization passes, the extension must filter out results that match these tombstones.
Filtering requires loading the tombstone data into memory, parsing the structured data from the shadow tables, and constructing an in-memory array for rapid lookups. The application must calculate the required memory to hold an array of pointers referencing these parsed tombstone records. This dynamic array allocation represents the critical path where the integer overflow vulnerability occurs.
The root cause lies in an insecure type conversion during the array size calculation phase. The total number of tombstones is multiplied by the size of a pointer in memory. While the intermediate calculation may utilize a 64-bit integer type, the result is subsequently cast or assigned to a 32-bit integer variable before being passed to the memory allocation function.
The C programming language standard dictates specific type conversion rules when operands of different sizes interact. If the calculated size exceeds 0xFFFFFFFF bytes, the upper 32 bits of the value are discarded during the assignment. The 32-bit integer wraps around to a small positive or negative value.
When passed to the allocator, this truncated size results in a heap chunk that is significantly smaller than the actual array size required. The application proceeds under the assumption that the allocation succeeded for the full requested bounds. The extension then enters a loop to populate the array with pointers to the tombstone records in memory.
Because the termination condition of the loop relies on the original, untruncated count rather than the allocated buffer size, the software performs an out-of-bounds write. The data written consists of memory addresses pointing to the parsed FTS5 structures.
To understand the truncation mechanism, examine the conceptual logic surrounding the tombstone array allocation. The vulnerability surfaces when a large count variable interacts with the pointer size multiplier. A 64-bit integer representing the necessary array size is implicitly converted to a 32-bit signed integer.
// Conceptual Vulnerable Logic
sqlite3_int64 nTombstones = get_tombstone_count();
// The size calculation exceeds 32-bit limits but truncates on assignment
int allocSize = (int)(nTombstones * sizeof(Fts5Tombstone*));
Fts5Tombstone **pArray = (Fts5Tombstone**)sqlite3_malloc(allocSize);The patched code addresses this by strictly maintaining 64-bit arithmetic and utilizing the 64-bit aware memory allocation functions provided by the SQLite core. Furthermore, explicit upper-bound limits reject queries that demand an unreasonable number of tombstone markers. This prevents excessive memory consumption regardless of the system allocation capabilities.
// Conceptual Patched Logic
sqlite3_int64 nTombstones = get_tombstone_count();
sqlite3_int64 allocSize = nTombstones * sizeof(Fts5Tombstone*);
// Explicit bounds check prevents resource exhaustion and overflow
if (allocSize < 0 || allocSize > FTS5_MAX_ALLOC_SIZE) {
return SQLITE_TOOBIG;
}
Fts5Tombstone **pArray = (Fts5Tombstone**)sqlite3_malloc64(allocSize);The fix successfully migrates the allocation variable to a 64-bit integer (sqlite3_int64) and employs sqlite3_malloc64, eliminating the truncation path. The additional bounds checking ensures that the software fails gracefully when processing malicious input designed to trigger extreme memory allocations.
Exploiting CVE-2025-7709 requires the attacker to submit a precisely crafted sequence of SQL commands to an application utilizing the SQLite FTS5 extension. The application must permit the attacker to insert and delete a massive volume of records, or the attacker must provide a malformed SQLite database file directly to the target environment.
The attacker populates the FTS5 virtual table with enough records to ensure the deletion operation generates a vast number of tombstones. The primary objective is pushing the tombstone count past the threshold required to trigger the 64-bit to 32-bit truncation during the multiplication step. This guarantees the allocation of an undersized heap buffer.
Reliable exploitation of a heap out-of-bounds write requires precise control over the memory layout. The attacker ensures the vulnerable allocation lands adjacent to a target data structure through heap grooming. By repeatedly inserting and deleting text data, the attacker manipulates the underlying memory allocator into predictable patterns to create a memory hole.
Immediately following this hole, the attacker places a victim object. Since the out-of-bounds write consists of partially controlled pointers rather than arbitrary data, the attacker focuses on corrupting function pointers or object vtables. Google Security Research confirmed the technical feasibility of this primitive by developing a working Proof-of-Concept.
The impact of this vulnerability centers on high severity system integrity compromise, reflected in the CVSS 4.0 vector (VI:H). The out-of-bounds write corrupts heap memory structures. This action leads to application instability, denial of service conditions, and potentially remote code execution.
In client-side applications utilizing SQLite for local storage, an attacker triggers this flaw by coercing the user into opening a malicious database file. Execution of arbitrary code in this context occurs within the privileges of the application sandbox. This attack vector targets desktop software, mobile applications, and environments parsing untrusted SQLite artifacts.
In server-side environments, applications accepting arbitrary SQL queries from untrusted users face severe risks. If an attacker weaponizes the out-of-bounds pointer write, they gain the ability to execute code on the host operating system. This facilitates lateral movement and total compromise of the affected enterprise systems.
The Exploit Prediction Scoring System (EPSS) assigns this vulnerability a low probability of exploitation at 0.00057. This aligns with the extreme technical complexity required to achieve reliable execution via a constrained pointer-write primitive. The prerequisite of executing exhaustive SQL operations further restricts real-world exploitability.
The definitive remediation for CVE-2025-7709 is updating the SQLite library to version 3.50.3 or higher. This release contains the necessary architectural changes to the FTS5 memory allocation logic. The patch ensures safe type conversions and enforces explicit boundary limits on tombstone arrays.
Administrators must identify all instances of SQLite within their infrastructure using Software Composition Analysis (SCA) tools. Because SQLite is frequently statically linked into applications or bundled within language runtimes, relying solely on operating system package managers leaves hidden vulnerabilities unpatched. Security teams must scan compiled binaries for embedded SQLite version strings.
If immediate patching is unfeasible, operators must restrict access to FTS5 functionalities. Applications must enforce strict input validation, rejecting overly complex queries or bulk deletion attempts on FTS5 virtual tables from low-privileged users. This significantly reduces the attack surface available to unauthenticated actors.
Developers building custom applications with SQLite should evaluate whether the FTS5 extension is functionally necessary. Compiling SQLite from source without the SQLITE_ENABLE_FTS5 flag entirely eliminates the attack surface associated with this specific component.
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L| Product | Affected Versions | Fixed Version |
|---|---|---|
SQLite FTS5 SQLite | >= 3.49.1, < 3.50.3 | 3.50.3 |
| Attribute | Detail |
|---|---|
| CWE ID | CWE-190 |
| Attack Vector | Network (AV:N) |
| CVSS Score | 6.9 |
| EPSS Score | 0.00057 |
| Impact | Integrity, Availability, Potential RCE |
| Exploit Status | Proof-of-Concept |
| KEV Status | Not Listed |
Integer Overflow or Wraparound
Open WebUI versions prior to 0.6.6 contain a stored cross-site scripting (XSS) vulnerability that allows low-privileged users to upload malicious HTML files containing arbitrary JavaScript. When viewed by an administrator, the executed script can abuse administrative APIs to register malicious functions, leading to remote code execution on the underlying server host.
A critical Stored Cross-Site Scripting (XSS) vulnerability exists in Open WebUI versions prior to 0.6.6. The vulnerability resides in client-side Markdown rendering, where unvalidated iframe tags containing local API base URLs bypass DOMPurify sanitization. This flaw allows authenticated attackers to steal user session tokens. If an administrative session is compromised, the attacker can leverage the application's native Python execution capabilities ('Functions') to achieve arbitrary Remote Code Execution (RCE) on the hosting server.
CVE-2026-26192 is a high-severity Stored Cross-Site Scripting (XSS) vulnerability in Open WebUI prior to version 0.7.0. Authenticated users can modify chat history metadata to force document citations to render inside an HTML iframe configured with an insecure sandbox policy. By combining 'allow-scripts' and 'allow-same-origin', the sandbox boundary is neutralized. This allows scripts executing within the iframe to access the parent window's DOM, extract sensitive Web UI local storage keys (such as authentication JWTs), and perform state-changing actions on behalf of other users, including administrators.
CVE-2026-26193 is a stored Cross-Site Scripting (XSS) vulnerability in Open WebUI prior to version 0.6.44. The vulnerability arises because the rendering engine hardcodes insecure sandbox options on an iframe component used for response embeds, allowing attackers to execute JavaScript in the parent window origin.
Open WebUI versions 0.7.2 and below contain a blind Server-Side Request Forgery (SSRF) vulnerability. The flaw exists within the image editing router, specifically inside the /api/v1/images/edit endpoint. An authenticated attacker with low privileges can exploit this endpoint to initiate asynchronous HTTP GET requests to local, private, or internal network services, mapping system resources and bypassing boundary restrictions.
An access control deficiency in the 9Router dashboard allows unauthenticated remote attackers to perform full CRUD operations on integrated AI providers, extract plaintext API keys, and access complete system conversation histories.