Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2015-3416

Опубликовано: 24 апр. 2015
Источник: nvd
CVSS2: 7.5
EPSS Низкий

Описание

The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*
Версия до 3.8.8.3 (включая)
Конфигурация 3
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Версия до 10.6.8 (включая)
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
Версия до 1.0.1 (включая)
Конфигурация 5

Одно из

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Версия от 5.4.0 (включая) до 5.4.42 (исключая)
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Версия от 5.5.0 (включая) до 5.5.26 (исключая)
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Версия от 5.6.0 (включая) до 5.6.10 (исключая)

EPSS

Процентиль: 90%
0.05572
Низкий

7.5 High

CVSS2

Дефекты

CWE-190

Связанные уязвимости

ubuntu логотип

CVE-2015-3416

ubuntu
около 10 лет назад

The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.

redhat логотип

CVE-2015-3416

redhat
около 10 лет назад

The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.

debian логотип

CVE-2015-3416

debian
около 10 лет назад

The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does n ...

github логотип

GHSA-33jw-h57w-fr79

github
около 3 лет назад

The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.

oracle-oval логотип

ELSA-2015-1634

oracle-oval
почти 10 лет назад

ELSA-2015-1634: sqlite security update (MODERATE)

EPSS

Процентиль: 90%
0.05572
Низкий

7.5 High

CVSS2

Дефекты

CWE-190