Vulnerability Fix List
| Software Name | Software Version | Vulnerability ID | CVE ID | Actual CVSS Score | Vulnerability Description | Fixed Version |
|---|---|---|---|---|---|---|
| SQLite | 3.46.1 | HWPSIRT-2025-47883 | CVE-2025-6965 | 9.8 | There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above. | MindStudio 8.2.RC1 |
| SQLite | 3.46.1 | HWPSIRT-2025-71228 | CVE-2025-29087 | 7.5 | In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string (e.g., 2MB or more), an integer overflow occurs in calculating the size of the result buffer, and thus malloc may not allocate enough memory. | MindStudio 8.2.RC1 |
| openEuler:protobuf | 25.1-7.oe2403sp1 | HWPSIRT-2025-13994 | CVE-2025-4565 | 5.3 | Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of service by crashing the application with a RecursionError. We recommend upgrading to version =>6.31.1 or beyond commit 17838beda2943d08b8a9d4df5b68f5f04f26d901 | MindStudio 8.2.RC1 |
| openEuler:ncurses | 6.4-8.oe2403sp1 | HWPSIRT-2025-86373 | CVE-2025-6141 | 3.3 | A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component. | MindStudio 8.2.RC1 |
| SQLite | 3.46.1 | HWPSIRT-2025-94377 | CVE-2025-7709 | 9.8 | An integer overflow exists in the FTS5 (https://sqlite.org/fts5.html) extension. It occurs when the size of an array of tombstone pointers is calculated and truncated into a 32-bit integer. A pointer to partially controlled data can then be written out of bounds. | MindStudio 8.2.RC1 |
| openEuler:abseil-cpp | 20230802.1-5.oe2403sp1 | HWPSIRT-2025-15359 | CVE-2025-0838 | 9.8 | There exists a heap buffer overflow vulnerability in Abseil-cpp. The sized constructors, reserve(), and rehash() methods of `absl::{flat,node}_hash_{set,map}` did not impose an upper bound on their size argument. As a result, it was possible for a caller to pass a very large size that would cause an integer overflow when computing the size of the container's backing store, and a subsequent out-of-bounds memory write. Subsequent accesses to the container might also access out-of-bounds memory. We recommend upgrading past commit 5a0e2cb5e3958dd90bb8569a2766622cb74d90c1 | MindStudio 8.2.RC1 |