Описание
The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | ignored | end of standard support, was needed |
| cosmic | ignored | end of life |
| devel | DNE | |
| disco | ignored | end of life |
| eoan | ignored | end of life |
| esm-apps/bionic | needed | |
| esm-apps/focal | needed | |
| esm-apps/jammy | needed | |
| esm-apps/xenial | needed |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | 3.8.10.2-1 |
| bionic | not-affected | 3.8.10.2-1 |
| cosmic | not-affected | 3.8.10.2-1 |
| devel | not-affected | 3.8.10.2-1 |
| disco | not-affected | 3.8.10.2-1 |
| eoan | not-affected | 3.8.10.2-1 |
| esm-infra-legacy/trusty | released | 3.8.2-1ubuntu2.1 |
| esm-infra/bionic | not-affected | 3.8.10.2-1 |
| esm-infra/focal | not-affected | 3.8.10.2-1 |
| esm-infra/xenial | not-affected | 3.8.10.2-1 |
Показывать по
EPSS
7.5 High
CVSS2
Связанные уязвимости
The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.
The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.
The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does n ...
The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.
EPSS
7.5 High
CVSS2