Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-3414

Опубликовано: 31 мар. 2015
Источник: redhat
CVSS2: 3.7
EPSS Низкий

Описание

SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.

A flaw was found in the way SQLite handled dequoting of collation-sequence names. A local attacker could submit a specially crafted COLLATE statement that would crash the SQLite process, or have other unspecified impacts.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5sqliteNot affected
Red Hat Enterprise Linux 6sqliteNot affected
Red Hat Enterprise Linux 7sqliteFixedRHSA-2015:163517.08.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-456
https://bugzilla.redhat.com/show_bug.cgi?id=1212353sqlite: use of uninitialized memory when parsing collation sequences in src/where.c

EPSS

Процентиль: 91%
0.07077
Низкий

3.7 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-3414

ubuntu
больше 10 лет назад

SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.

nvd логотип

CVE-2015-3414

nvd
больше 10 лет назад

SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.

debian логотип

CVE-2015-3414

debian
больше 10 лет назад

SQLite before 3.8.9 does not properly implement the dequoting of colla ...

github логотип

GHSA-9qxq-827h-4w5v

github
больше 3 лет назад

SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.

oracle-oval логотип

ELSA-2015-1635

oracle-oval
около 10 лет назад

ELSA-2015-1635: sqlite security update (MODERATE)

EPSS

Процентиль: 91%
0.07077
Низкий

3.7 Low

CVSS2