Impact
SQLitePCLRaw.lib.e_sqlite3 ships native SQLite binaries for .NET applications. Advisory sources associate affected package versions with CVE-2025-6965 / GHSA-2m69-gcr7-jv3q, a SQLite memory-corruption issue fixed upstream in SQLite 3.50.2 [S1][S2][S3]. Runtime impact depends on whether an affected native package is restored into a deployed artifact and whether untrusted SQL or crafted database content can reach SQLite.
Root Cause
The advisory traces to an integer-overflow memory-corruption issue in SQLite versions before 3.50.2 [S1][S3]. The legacy SQLitePCLRaw.lib.e_sqlite3 package line bundles native SQLite binaries for .NET consumers, and the NuGet package metadata now directs users toward SourceGear.sqlite3 as the replacement package [S4][S5].
Covered by FixVibe
FixVibe covers this issue in GitHub repo scans as a version-based NuGet dependency advisory. Reports flag repository package evidence for affected SQLitePCLRaw native SQLite packages and show the package, version or constraint evidence, file path, advisory identifiers, and remediation guidance. This check does not execute the application, inspect deployed native binaries, prove attacker-controlled SQL reaches SQLite, process malicious database inputs, or reproduce memory corruption.
Fix
Replace affected SQLitePCLRaw native SQLite packages with SourceGear.sqlite3 3.50.2 or newer where compatible, or another SQLitePCLRaw-compatible native SQLite package that bundles SQLite 3.50.2 or newer [S3][S5]. Regenerate NuGet lockfiles, restore packages, rebuild every deployed app, worker, desktop, or mobile artifact that includes the native library, and verify the dependency graph no longer resolves the affected package versions. Keep validation to dependency-tree, lockfile, artifact, and normal database smoke-test evidence rather than exploit reproduction.
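One way to carry out the dependency-graph verification step, as an added example that is not FixVibe's or the package maintainers' code: it walks a parsed NuGet `packages.lock.json` and reports every target framework that still resolves the legacy package or a SourceGear.sqlite3 older than 3.50.2. The function names, verdict strings and the sample lockfile are assumptions made for illustration.

```python
import json

LEGACY_ID = "sqlitepclraw.lib.e_sqlite3"  # package named in the advisory
REPLACEMENT_ID = "sourcegear.sqlite3"     # replacement named in the Fix section
MIN_REPLACEMENT = (3, 50, 2)              # SQLite release carrying the upstream fix

def parse_version(text):
    """Numeric core of a NuGet version; prerelease and build suffixes are ignored."""
    core = text.split("-", 1)[0].split("+", 1)[0]
    return tuple(int(p) for p in core.split(".") if p.isdigit())

def audit_lockfile(lock):
    """Return (framework, package, resolved, type, verdict) per native SQLite package."""
    findings = []
    for framework, packages in lock.get("dependencies", {}).items():
        for name, entry in packages.items():
            resolved = entry.get("resolved", "")
            lowered = name.lower()  # NuGet package IDs are case-insensitive
            if lowered == LEGACY_ID:
                # The affected range is not restated here; check it in the advisory.
                verdict = "legacy-package-present"
            elif lowered == REPLACEMENT_ID:
                fixed = parse_version(resolved) >= MIN_REPLACEMENT
                verdict = "ok" if fixed else "replacement-too-old"
            else:
                continue
            findings.append((framework, name, resolved, entry.get("type", ""), verdict))
    return findings

# Constructed sample in packages.lock.json layout; versions are illustrative only.
SAMPLE_LOCK = json.loads("""
{"version": 1, "dependencies": {
  "net8.0": {
    "Microsoft.Data.Sqlite": {"type": "Direct", "resolved": "8.0.0"},
    "SQLitePCLRaw.lib.e_sqlite3": {"type": "Transitive", "resolved": "2.1.6"}
  },
  "net9.0": {
    "SourceGear.sqlite3": {"type": "Direct", "resolved": "3.50.2"}
  }
}}
""")

if __name__ == "__main__":
    for finding in audit_lockfile(SAMPLE_LOCK):
        print(*finding, sep="\t")
```

A `Transitive` type in a finding means the package arrives through another dependency, so the fix has to be applied where that parent is referenced. A clean lockfile does not show what is inside an already built artifact, which still needs the rebuild described above.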
