Cyber Resilience

CVE-2022-35737

HighPublic PoC

Published: 03 August 2022

Published
03 August 2022
Modified
13 February 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.5428 98.1th percentile
Risk Priority 48 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-35737 is a high-severity Improper Validation of Array Index (CWE-129) vulnerability in Splunk Universal Forwarder. Its CVSS base score is 7.5 (High).

Operationally, ranked in the top 1.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

SQLite versions 1.0.12 through 3.39.x before 3.39.2 contain an array-bounds overflow condition that can be triggered when billions of bytes are supplied in a string argument passed to a C API function. The flaw is tracked under CWE-129 and carries a CVSS 3.1 score of 7.5 with network attack vector and high availability impact.

An unauthenticated remote attacker can supply a specially crafted large string to an affected SQLite instance reachable over the network, resulting in a crash or denial of service; no privileges or user interaction are required.

Advisories and vendor notices recommend upgrading to SQLite 3.39.2 or later, with coordinated updates published by distributions such as Gentoo and vendors including NetApp; the official SQLite release notes for 3.39.2 document the correction.

The CVE maintains an EPSS score that has remained elevated near 0.55 since disclosure, indicating sustained exploitation interest, while detailed analysis appears in reporting from Trail of Bits and CERT.

EU & UK References

Vulnerability details

SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

sqlite
sqlite
1.0.12 — 3.39.2
netapp
ontap select deploy administration utility
all versions
splunk
universal forwarder
9.1.0 · 8.2.0 — 8.2.12 · 9.0.0 — 9.0.6

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References