CVE-2026-11824
Published: June 13, 2026Last modified: June 19, 2026
Description
SQLite before 3.53.2 contains a heap-based buffer overflow vulnerability in the FTS5 full-text search extension that allows attackers to cause a crash or execute arbitrary code by supplying a crafted database with malicious continuation page metadata specifying a szLeaf value smaller than 4. Attackers can trigger an integer underflow in fts5ChunkIterate() causing an inflated remaining byte count during FTS5 MATCH query processing, leading to a heap buffer overflow of attacker-controlled data in applications compiled with SQLITE_ENABLE_FTS5.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.8 |
| Attack Vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity impact | HIGH |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | sqlite | Unknown (3.40.0-r0) |
| 25 LTS | sqlite | Unknown (3.49.2-r0) | |
| Stream | sqlite | Fixed (3.53.2-r0) | |
| Hardened Containers | 23 LTS | sqlite | Unknown (3.40.0-r0) |
| 25 LTS | sqlite | Unknown (3.49.2-r0) | |
| Stream | sqlite | Fixed (3.53.2-r0) |