SQLite < 3.45.0 — RCE
A flaw in SQLite's JSON processing can crash or compromise applications that process untrusted JSON data through SQLite's built-in JSON functions.
An attacker who can cause an application to process attacker-controlled JSON through SQLite's JSON functions can trigger a heap overflow. Depending on the application, this may lead to a crash (denial of service) or potentially arbitrary code execution in the application's context.
SQLite is a lightweight embedded database library used by thousands of applications including Chrome, Python, and many enterprise tools. It is rarely installed as a standalone service — instead it is bundled inside other applications. A heap buffer overflow in SQLite's JSONB handler can be triggered when processing specially crafted JSON data through SQLite's json_* functions.
A web application that stores and queries user-supplied JSON data in a SQLite database processes a malformed JSON payload. The heap overflow crashes the application, causing a service outage. Depending on the application architecture, a skilled attacker may be able to exploit the overflow for code execution.
Manual remediation steps
⏱ 15–30 minutes per application

Find All SQLite Installations

```powershell
# Search for SQLite DLL files and report the file version of each copy found
Get-ChildItem -Path C:\, D:\ -Filter 'sqlite3.dll' -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $v = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($_.FullName)
        [PSCustomObject]@{
            Path    = $_.FullName
            Version = $v.FileVersion
            Product = $v.ProductName
        }
    } | Format-Table -AutoSize

# Check the SQLite library bundled with Python (silently skipped if python is not on PATH)
python -c 'import sqlite3; print("Python SQLite:", sqlite3.sqlite_version)' 2>$null
```
Remediation — Update the Parent Application
SQLite cannot be updated independently. Update the application that bundles it:
| Application | How to Update |
|---|---|
| Google Chrome | Update Chrome |
| Python | Update Python |
| Firefox | Update Firefox |
| Custom app | Recompile with SQLite 3.45.0+ |
Verification
```powershell
python -c 'import sqlite3; print(sqlite3.sqlite_version)'
# Must show 3.45.0 or later
```
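As an added example (not part of this advisory), a small Python helper that applies the 3.45.0 threshold to the kind of inventory the DLL scan produces: it normalises version strings such as the four-part DLL FileVersion form and compares them numerically, so a string compare cannot rank "3.9.x" above "3.45.0". The inventory paths are constructed sample values.

```python
# Added example: compare collected SQLite versions against the fixed release (3.45.0).
import re
import sqlite3
from typing import Iterable, List, Tuple

FIXED_VERSION = (3, 45, 0)  # first release the advisory lists as fixed


def parse_sqlite_version(version: str) -> Tuple[int, int, int]:
    """Normalise '3.45.0', '3.44.2.0' (DLL FileVersion) or '3.45' to a (major, minor, patch) tuple."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        raise ValueError(f"unrecognised SQLite version string: {version!r}")
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return (int(major), int(minor), int(patch))


def is_vulnerable(version: str) -> bool:
    """True when the version predates the fixed release; compares integers, not strings."""
    return parse_sqlite_version(version) < FIXED_VERSION


def find_vulnerable(inventory: Iterable[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Filter (path, version) pairs, e.g. rows from the DLL scan, to those still needing an update."""
    return [(path, ver) for path, ver in inventory if is_vulnerable(ver)]


def runtime_sqlite_is_fixed() -> bool:
    """Check the SQLite library linked into the running Python interpreter."""
    return tuple(sqlite3.sqlite_version_info[:3]) >= FIXED_VERSION


# Constructed sample inventory, in the shape the PowerShell scan above prints (paths are hypothetical).
SAMPLE_INVENTORY = [
    (r"C:\Program Files\ExampleApp\sqlite3.dll", "3.44.2.0"),
    (r"C:\Tools\sqlite3.dll", "3.45.0.0"),
    (r"C:\Python312\DLLs\sqlite3.dll", "3.46.1"),
]

if __name__ == "__main__":
    for path, ver in find_vulnerable(SAMPLE_INVENTORY):
        print(f"UPDATE NEEDED: {path} ({ver})")
    print("interpreter SQLite fixed:", runtime_sqlite_is_fixed(), sqlite3.sqlite_version)
```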