VDB
SSA-994087
SSA-994087
PUBLISHED
CVSS 8.300000190734863 HIGH
An integer overflow can be triggered in SQLite's 'concat_ws()' function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size 4GB can be triggered. This can result in arbitrary code execution.
Risk Scores
CVSS 3.1
8.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | RUGGEDCOM CROSSBOW Station Access Controller (SAC) |
Exploit Intelligence
- v2.5.json (github-poc)
- CVE-2025-3277.json (github-poc)
Timeline
- Aug 12, 2025 CVE Published