Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-3415

Опубликовано: 31 мар. 2015
Источник: redhat
CVSS2: 3.7

Описание

The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.

It was found that SQLite's sqlite3VdbeExec() function did not properly implement comparison operators. A local attacker could submit a specially crafted CHECK statement that would crash the SQLite process, or have other unspecified impacts.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5sqliteNot affected
Red Hat Enterprise Linux 6sqliteNot affected
Red Hat Enterprise Linux 7sqliteFixedRHSA-2015:163517.08.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=1212356sqlite: invalid free() in src/vdbe.c

3.7 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-3415

ubuntu
около 10 лет назад

The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.

nvd логотип

CVE-2015-3415

nvd
около 10 лет назад

The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.

debian логотип

CVE-2015-3415

debian
около 10 лет назад

The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not ...

github логотип

GHSA-p88q-qx6q-mhv3

github
около 3 лет назад

The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.

oracle-oval логотип

ELSA-2015-1635

oracle-oval
почти 10 лет назад

ELSA-2015-1635: sqlite security update (MODERATE)

3.7 Low

CVSS2