CVE-2022-35737

high Splunk
CVSS v3 Base Score
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
51.9%
Exploitation probability in 30 days
Top 2% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Confidentiality
None
Integrity
None
Availability
High
Published: August 3, 2022 (1380 days ago)
Last Modified: February 13, 2026
Vendor: Splunk

Description

SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.

CWE

CWE-129

Affected Products

sqlite sqlitenetapp ontap select deploy administration utilitysplunk universal forwarder

References

🔗 blog.trailofbits.com 🔗 kb.cert.org 🔗 security.gentoo.org 🔗 security.netapp.com 🔗 sqlite.org