Early Access — Mondoo Vulnerability Intelligence is currently in preview.
In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string (e.g., 2MB or more), an integer overflow occurs in calculating the size of the result buffer, and thus malloc may not allocate enough memory.
Exploitability
AV:LAC:HPR:NUI:NScope
S:CImpact
C:NI:NA:L3.2/CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:LOther