CVE-2015-3415

Опубликовано: 24 апр. 2015

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.

Ссылки

http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html
Mailing List
Third Party Advisory
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
Mailing List
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1635.html
Third Party Advisory
http://seclists.org/fulldisclosure/2015/Apr/31
Mailing List
Third Party Advisory
VDB Entry
http://www.debian.org/security/2015/dsa-3252
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2015:217
Broken Link
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
Patch
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Third Party Advisory
http://www.securityfocus.com/bid/74228
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1033703
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-2698-1
Third Party Advisory
https://security.gentoo.org/glsa/201507-05
Third Party Advisory
https://support.apple.com/HT205213
Third Party Advisory
https://support.apple.com/HT205267
Third Party Advisory
https://www.sqlite.org/src/info/02e3c88fbf6abdcf3975fb0fb71972b0ab30da30
Vendor Advisory
http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html
Mailing List
Third Party Advisory
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
Mailing List
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1635.html
Third Party Advisory
http://seclists.org/fulldisclosure/2015/Apr/31
Mailing List
Third Party Advisory
VDB Entry
http://www.debian.org/security/2015/dsa-3252
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:apple:mac_os_x:10.10.5:*:*:*:*:*:*:*

cpe:2.3:o:apple:watchos:1.0.1:*:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*

Конфигурация 4

cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*

Версия до 3.8.8.3 (включая)

Конфигурация 5

Одно из

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

Версия от 5.4.0 (включая) до 5.4.42 (исключая)

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

Версия от 5.5.0 (включая) до 5.5.26 (исключая)

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

Версия от 5.6.0 (включая) до 5.6.10 (исключая)

EPSS

Процентиль: 91%

0.07077

Низкий

7.5 High

CVSS2

Дефекты

CWE-404

Связанные уязвимости

CVE-2015-3415

ubuntu

около 10 лет назад

CVE-2015-3415

redhat

около 10 лет назад

CVE-2015-3415

debian

около 10 лет назад

The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not ...

GHSA-p88q-qx6q-mhv3

github

около 3 лет назад

ELSA-2015-1635

oracle-oval

почти 10 лет назад

ELSA-2015-1635: sqlite security update (MODERATE)

EPSS

Процентиль: 91%

0.07077

Низкий

7.5 High

CVSS2

Дефекты

CWE-404