

SQLite multiple security vulnerabilities
updated since 16.04.2015
Published: 05.05.2015
Source:
SecurityVulns ID: 14389
Type: library
Threat Level: 6/10
Description: Over 20 errors, including uninitialized memory access.
Affected: SQLITE : SQLite 3.8
CVE: CVE-2015-3416 (The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.)
 CVE-2015-3415 (The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.)
 CVE-2015-3414 (SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.)
Original documents:
 DEBIAN, [ MDVSA-2015:217 ] sqlite3 (05.05.2015)
 Michal Zalewski, several issues in SQLite (+ catching up on several other bugs) (16.04.2015)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod