SQLite Zip Function Fails to Protect Sensitive Data in ZIP Files

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

SQLite Zip Function Fails to Protect Sensitive Data in ZIP Files

CVE-2025-70873

Summary

SQLite's zip file handling feature in versions 3.51.1 and earlier can expose sensitive information from maliciously crafted ZIP files. This means that attackers might be able to steal confidential data from a system using this feature. Upgrade to the latest version of SQLite to address this risk.

Original title

An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.

Original description

An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.

https://gist.github.com/cnwangjihe/f496393f30f5ecec5b18c8f5ab072054
https://sqlite.org/forum/forumpost/761eac3c82
https://sqlite.org/src/info/3d459f1fb1bd1b5e

Published: 12 Mar 2026 · Updated: 13 Mar 2026 · First seen: 12 Mar 2026