CVE-2015-3416

Published: 31 Mar 2015
Source: redhat
CVSS2: 3.7

Description

The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.

It was found that SQLite's sqlite3VXPrintf() function did not properly handle precision and width values during floating-point conversions. A local attacker could submit a specially crafted SELECT statement that would crash the SQLite process, or have other unspecified impacts.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | sqlite | Will not fix | | |
| Red Hat Enterprise Linux 6 | sqlite | Fixed | RHSA-2015:1634 | 17.08.2015 |
| Red Hat Enterprise Linux 7 | sqlite | Fixed | RHSA-2015:1635 | 17.08.2015 |

Additional information

Status: Moderate
Defect: CWE-121
https://bugzilla.redhat.com/show_bug.cgi?id=1212357 sqlite: stack buffer overflow in src/printf.c

3.7 Low

CVSS2

Related vulnerabilities

ubuntu
almost 11 years ago

The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.

nvd
almost 11 years ago

The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.

msrc
5 months ago

The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.

debian
almost 11 years ago

The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does n ...

github
more than 3 years ago

The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.
