An update for sqlite is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2026-2755 Final 1.0 1.0 2026-06-24 Initial 2026-06-24 2026-06-24 openEuler SA Tool V1.0 2026-06-24 sqlite security update An update for sqlite is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP3 SQLite is a C-language library that implements a small, fast, self-contained, high-reliability, full-featured, SQL database engine. SQLite is the most used database engine in the world. SQLite is built into all mobile phones and most computers and comes bundled inside countless other applications that people use every day.It also include lemon and sqlite3_analyzer and tcl tools. Security Fix(es): SQLite before 3.53.2 contains memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause process crashes, memory exhaustion, or arbitrary code execution by supplying a crafted database with malformed FTS5 page data. Attackers can trigger an out-of-bounds read in fts5LeafSeek() via an attacker-controlled loop bound and a heap buffer overflow write in fts5ChunkIterate() through a crafted continuation page causing an integer underflow, exploitable when an FTS5 MATCH query is executed against the malicious database.(CVE-2026-11822) SQLite before 3.53.2 contains a heap-based buffer overflow vulnerability in the FTS5 full-text search extension that allows attackers to cause a crash or execute arbitrary code by supplying a crafted database with malicious continuation page metadata specifying a szLeaf value smaller than 4. Attackers can trigger an integer underflow in fts5ChunkIterate() causing an inflated remaining byte count during FTS5 MATCH query processing, leading to a heap buffer overflow of attacker-controlled data in applications compiled with SQLITE_ENABLE_FTS5.(CVE-2026-11824) An update for sqlite is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP3. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High sqlite https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2755 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-11822 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-11824 https://nvd.nist.gov/vuln/detail/CVE-2026-11822 https://nvd.nist.gov/vuln/detail/CVE-2026-11824 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP3 sqlite-3.32.3-9.oe2003sp4.aarch64.rpm sqlite-debuginfo-3.32.3-9.oe2003sp4.aarch64.rpm sqlite-debugsource-3.32.3-9.oe2003sp4.aarch64.rpm sqlite-devel-3.32.3-9.oe2003sp4.aarch64.rpm sqlite-3.37.2-9.oe2203sp4.aarch64.rpm sqlite-debuginfo-3.37.2-9.oe2203sp4.aarch64.rpm sqlite-debugsource-3.37.2-9.oe2203sp4.aarch64.rpm sqlite-devel-3.37.2-9.oe2203sp4.aarch64.rpm sqlite-3.42.0-6.oe2403sp1.aarch64.rpm sqlite-debuginfo-3.42.0-6.oe2403sp1.aarch64.rpm sqlite-debugsource-3.42.0-6.oe2403sp1.aarch64.rpm sqlite-devel-3.42.0-6.oe2403sp1.aarch64.rpm sqlite-3.42.0-6.oe2403sp3.aarch64.rpm sqlite-debuginfo-3.42.0-6.oe2403sp3.aarch64.rpm sqlite-debugsource-3.42.0-6.oe2403sp3.aarch64.rpm sqlite-devel-3.42.0-6.oe2403sp3.aarch64.rpm sqlite-3.32.3-9.oe2003sp4.src.rpm sqlite-3.37.2-9.oe2203sp4.src.rpm sqlite-3.42.0-6.oe2403sp1.src.rpm sqlite-3.42.0-6.oe2403sp3.src.rpm sqlite-3.32.3-9.oe2003sp4.x86_64.rpm sqlite-debuginfo-3.32.3-9.oe2003sp4.x86_64.rpm sqlite-debugsource-3.32.3-9.oe2003sp4.x86_64.rpm sqlite-devel-3.32.3-9.oe2003sp4.x86_64.rpm sqlite-3.37.2-9.oe2203sp4.x86_64.rpm sqlite-debuginfo-3.37.2-9.oe2203sp4.x86_64.rpm sqlite-debugsource-3.37.2-9.oe2203sp4.x86_64.rpm sqlite-devel-3.37.2-9.oe2203sp4.x86_64.rpm sqlite-3.42.0-6.oe2403sp1.x86_64.rpm sqlite-debuginfo-3.42.0-6.oe2403sp1.x86_64.rpm sqlite-debugsource-3.42.0-6.oe2403sp1.x86_64.rpm sqlite-devel-3.42.0-6.oe2403sp1.x86_64.rpm sqlite-3.42.0-6.oe2403sp3.x86_64.rpm sqlite-debuginfo-3.42.0-6.oe2403sp3.x86_64.rpm sqlite-debugsource-3.42.0-6.oe2403sp3.x86_64.rpm sqlite-devel-3.42.0-6.oe2403sp3.x86_64.rpm sqlite-help-3.32.3-9.oe2003sp4.noarch.rpm sqlite-help-3.37.2-9.oe2203sp4.noarch.rpm sqlite-help-3.42.0-6.oe2403sp1.noarch.rpm sqlite-help-3.42.0-6.oe2403sp3.noarch.rpm SQLite before 3.53.2 contains memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause process crashes, memory exhaustion, or arbitrary code execution by supplying a crafted database with malformed FTS5 page data. Attackers can trigger an out-of-bounds read in fts5LeafSeek() via an attacker-controlled loop bound and a heap buffer overflow write in fts5ChunkIterate() through a crafted continuation page causing an integer underflow, exploitable when an FTS5 MATCH query is executed against the malicious database. 2026-06-24 CVE-2026-11822 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP3 High 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H sqlite security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2755 SQLite before 3.53.2 contains a heap-based buffer overflow vulnerability in the FTS5 full-text search extension that allows attackers to cause a crash or execute arbitrary code by supplying a crafted database with malicious continuation page metadata specifying a szLeaf value smaller than 4. Attackers can trigger an integer underflow in fts5ChunkIterate() causing an inflated remaining byte count during FTS5 MATCH query processing, leading to a heap buffer overflow of attacker-controlled data in applications compiled with SQLITE_ENABLE_FTS5. 2026-06-24 CVE-2026-11824 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP3 High 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H sqlite security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2755