{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"High" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"sqlite security update", "category":"general", "title":"Synopsis" }, { "text":"An update for sqlite is now available for openEuler-24.03-LTS-SP2", "category":"general", "title":"Summary" }, { "text":"SQLite is a C-language library that implements a small, fast, self-contained, high-reliability, full-featured, SQL database engine. SQLite is the most used database engine in the world. SQLite is built into all mobile phones and most computers and comes bundled inside countless other applications that people use every day.It also include lemon and sqlite3_analyzer and tcl tools.\n\nSecurity Fix(es):\n\nAn information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.(CVE-2025-70873)", "category":"general", "title":"Description" }, { "text":"An update for sqlite is now available for openEuler-24.03-LTS-SP2.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"High", "category":"general", "title":"Severity" }, { "text":"sqlite", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2026-1767", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1767" }, { "summary":"CVE-2025-70873", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-70873&packageName=sqlite" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-70873" }, { "summary":"openEuler-SA-2026-1767 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2026/csaf-openeuler-sa-2026-1767.json" } ], "title":"An update for sqlite is now available for openEuler-24.03-LTS-SP2", "tracking":{ "initial_release_date":"2026-03-27T22:10:14+08:00", "revision_history":[ { "date":"2026-03-27T22:10:14+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2026-03-27T22:10:14+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2026-03-27T22:10:14+08:00", "id":"openEuler-SA-2026-1767", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"openEuler-24.03-LTS-SP2", "name":"openEuler-24.03-LTS-SP2" }, "name":"openEuler-24.03-LTS-SP2", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"sqlite-3.42.0-5.oe2403sp2.aarch64.rpm", "name":"sqlite-3.42.0-5.oe2403sp2.aarch64.rpm" }, "name":"sqlite-3.42.0-5.oe2403sp2.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"sqlite-debuginfo-3.42.0-5.oe2403sp2.aarch64.rpm", "name":"sqlite-debuginfo-3.42.0-5.oe2403sp2.aarch64.rpm" }, "name":"sqlite-debuginfo-3.42.0-5.oe2403sp2.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"sqlite-debugsource-3.42.0-5.oe2403sp2.aarch64.rpm", "name":"sqlite-debugsource-3.42.0-5.oe2403sp2.aarch64.rpm" }, "name":"sqlite-debugsource-3.42.0-5.oe2403sp2.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"sqlite-devel-3.42.0-5.oe2403sp2.aarch64.rpm", "name":"sqlite-devel-3.42.0-5.oe2403sp2.aarch64.rpm" }, "name":"sqlite-devel-3.42.0-5.oe2403sp2.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"sqlite-3.42.0-5.oe2403sp2.src.rpm", "name":"sqlite-3.42.0-5.oe2403sp2.src.rpm" }, "name":"sqlite-3.42.0-5.oe2403sp2.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"sqlite-3.42.0-5.oe2403sp2.x86_64.rpm", "name":"sqlite-3.42.0-5.oe2403sp2.x86_64.rpm" }, "name":"sqlite-3.42.0-5.oe2403sp2.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"sqlite-debuginfo-3.42.0-5.oe2403sp2.x86_64.rpm", "name":"sqlite-debuginfo-3.42.0-5.oe2403sp2.x86_64.rpm" }, "name":"sqlite-debuginfo-3.42.0-5.oe2403sp2.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"sqlite-debugsource-3.42.0-5.oe2403sp2.x86_64.rpm", "name":"sqlite-debugsource-3.42.0-5.oe2403sp2.x86_64.rpm" }, "name":"sqlite-debugsource-3.42.0-5.oe2403sp2.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"sqlite-devel-3.42.0-5.oe2403sp2.x86_64.rpm", "name":"sqlite-devel-3.42.0-5.oe2403sp2.x86_64.rpm" }, "name":"sqlite-devel-3.42.0-5.oe2403sp2.x86_64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"noarch", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"sqlite-help-3.42.0-5.oe2403sp2.noarch.rpm", "name":"sqlite-help-3.42.0-5.oe2403sp2.noarch.rpm" }, "name":"sqlite-help-3.42.0-5.oe2403sp2.noarch.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"sqlite-3.42.0-5.oe2403sp2.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:sqlite-3.42.0-5.oe2403sp2.aarch64", "name":"sqlite-3.42.0-5.oe2403sp2.aarch64 as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"sqlite-debuginfo-3.42.0-5.oe2403sp2.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:sqlite-debuginfo-3.42.0-5.oe2403sp2.aarch64", "name":"sqlite-debuginfo-3.42.0-5.oe2403sp2.aarch64 as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"sqlite-debugsource-3.42.0-5.oe2403sp2.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:sqlite-debugsource-3.42.0-5.oe2403sp2.aarch64", "name":"sqlite-debugsource-3.42.0-5.oe2403sp2.aarch64 as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"sqlite-devel-3.42.0-5.oe2403sp2.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:sqlite-devel-3.42.0-5.oe2403sp2.aarch64", "name":"sqlite-devel-3.42.0-5.oe2403sp2.aarch64 as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"sqlite-3.42.0-5.oe2403sp2.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:sqlite-3.42.0-5.oe2403sp2.src", "name":"sqlite-3.42.0-5.oe2403sp2.src as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"sqlite-3.42.0-5.oe2403sp2.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:sqlite-3.42.0-5.oe2403sp2.x86_64", "name":"sqlite-3.42.0-5.oe2403sp2.x86_64 as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"sqlite-debuginfo-3.42.0-5.oe2403sp2.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:sqlite-debuginfo-3.42.0-5.oe2403sp2.x86_64", "name":"sqlite-debuginfo-3.42.0-5.oe2403sp2.x86_64 as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"sqlite-debugsource-3.42.0-5.oe2403sp2.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:sqlite-debugsource-3.42.0-5.oe2403sp2.x86_64", "name":"sqlite-debugsource-3.42.0-5.oe2403sp2.x86_64 as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"sqlite-devel-3.42.0-5.oe2403sp2.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:sqlite-devel-3.42.0-5.oe2403sp2.x86_64", "name":"sqlite-devel-3.42.0-5.oe2403sp2.x86_64 as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"sqlite-help-3.42.0-5.oe2403sp2.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:sqlite-help-3.42.0-5.oe2403sp2.noarch", "name":"sqlite-help-3.42.0-5.oe2403sp2.noarch as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2025-70873", "notes":[ { "text":"An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP2:sqlite-3.42.0-5.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:sqlite-debuginfo-3.42.0-5.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:sqlite-debugsource-3.42.0-5.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:sqlite-devel-3.42.0-5.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:sqlite-3.42.0-5.oe2403sp2.src", "openEuler-24.03-LTS-SP2:sqlite-3.42.0-5.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:sqlite-debuginfo-3.42.0-5.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:sqlite-debugsource-3.42.0-5.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:sqlite-devel-3.42.0-5.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:sqlite-help-3.42.0-5.oe2403sp2.noarch" ] }, "remediations":[ { "product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"}, "details":"sqlite security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1767" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version":"3.1" }, "products":{"$ref":"$.vulnerabilities[0].product_status.fixed"} } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-70873" } ] }