Sqlite Integer Overflow or Wraparound Vulnerability - CVE-2025-29087

In SQLite 3.44.0 through 3.49.0 before 3.49.1 the concat_ws() SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string (e.g. 2MB or more) an integer overflow occurs in calculating the size of the result buffer and thus malloc may not allocate enough memory.