Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2015-3414

Опубликовано: 24 апр. 2015
Источник: nvd
CVSS2: 7.5
EPSS Низкий

Описание

SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*
Версия до 3.8.8.3 (включая)
Конфигурация 2

Одно из

cpe:2.3:o:apple:mac_os_x:10.10.5:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:1.0.1:*:*:*:*:*:*:*
Конфигурация 3
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
Конфигурация 5

Одно из

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Версия от 5.4.0 (включая) до 5.4.42 (исключая)
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Версия от 5.5.0 (включая) до 5.5.26 (исключая)
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Версия от 5.6.0 (включая) до 5.6.10 (исключая)

EPSS

Процентиль: 91%
0.07077
Низкий

7.5 High

CVSS2

Дефекты

CWE-908

Связанные уязвимости

ubuntu логотип

CVE-2015-3414

ubuntu
около 10 лет назад

SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.

redhat логотип

CVE-2015-3414

redhat
около 10 лет назад

SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.

debian логотип

CVE-2015-3414

debian
около 10 лет назад

SQLite before 3.8.9 does not properly implement the dequoting of colla ...

github логотип

GHSA-9qxq-827h-4w5v

github
около 3 лет назад

SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.

oracle-oval логотип

ELSA-2015-1635

oracle-oval
почти 10 лет назад

ELSA-2015-1635: sqlite security update (MODERATE)

EPSS

Процентиль: 91%
0.07077
Низкий

7.5 High

CVSS2

Дефекты

CWE-908