Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-3416

Опубликовано: 31 мар. 2015
Источник: redhat
CVSS2: 3.7
EPSS Низкий

Описание

The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.

It was found that SQLite's sqlite3VXPrintf() function did not properly handle precision and width values during floating-point conversions. A local attacker could submit a specially crafted SELECT statement that would crash the SQLite process, or have other unspecified impacts.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5sqliteWill not fix
Red Hat Enterprise Linux 6sqliteFixedRHSA-2015:163417.08.2015
Red Hat Enterprise Linux 7sqliteFixedRHSA-2015:163517.08.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-121
https://bugzilla.redhat.com/show_bug.cgi?id=1212357sqlite: stack buffer overflow in src/printf.c

EPSS

Процентиль: 90%
0.05572
Низкий

3.7 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-3416

ubuntu
около 10 лет назад

The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.

nvd логотип

CVE-2015-3416

nvd
около 10 лет назад

The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.

debian логотип

CVE-2015-3416

debian
около 10 лет назад

The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does n ...

github логотип

GHSA-33jw-h57w-fr79

github
около 3 лет назад

The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.

oracle-oval логотип

ELSA-2015-1634

oracle-oval
почти 10 лет назад

ELSA-2015-1634: sqlite security update (MODERATE)

EPSS

Процентиль: 90%
0.05572
Низкий

3.7 Low

CVSS2