CVE-2026-11822
Published: June 13, 2026Last modified: June 19, 2026
Description
SQLite before 3.53.2 contains memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause process crashes, memory exhaustion, or arbitrary code execution by supplying a crafted database with malformed FTS5 page data. Attackers can trigger an out-of-bounds read in fts5LeafSeek() via an attacker-controlled loop bound and a heap buffer overflow write in fts5ChunkIterate() through a crafted continuation page causing an integer underflow, exploitable when an FTS5 MATCH query is executed against the malicious database.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.8 |
| Attack Vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity impact | HIGH |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | sqlite | Unknown (3.40.0-r0) |
| 25 LTS | sqlite | Unknown (3.49.2-r0) | |
| Stream | sqlite | Fixed (3.53.2-r0) | |
| Hardened Containers | 23 LTS | sqlite | Unknown (3.40.0-r0) |
| 25 LTS | sqlite | Unknown (3.49.2-r0) | |
| Stream | sqlite | Fixed (3.53.2-r0) |