PT-2015-6220 · Sqlite+6 · Sqlite+6

Michal Zalewski

Publicado

2015-04-24

Atualizado

2024-06-15

CVE-2015-3414

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions SQLite versions prior to 3.8.9

Description The issue is related to the improper implementation of the dequoting of collation-sequence names. This can be exploited by context-dependent attackers to cause a denial of service, resulting in uninitialized memory access and application crash, via a crafted COLLATE clause. For example, using COLLATE"""""""" at the end of a SELECT statement can trigger this issue.

Recommendations For SQLite versions prior to 3.8.9, update to version 3.8.9 or later to resolve the issue. At the moment, there is no other information about additional mitigation measures for this vulnerability.

Correção

DoS

Use of Uninitialized Resource

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-908

Identificadores relacionados

ALT-PU-2015-1413

CESA-2015_1635

CVE-2015-3414

DSA-3252-1

MGASA-2015-0234

OPENSUSE-SU-2021:1058-1

OPENSUSE-SU-2021:2320-1

OPENSUSE-SU-2021_1058-1

OPENSUSE-SU-2021_2320-1

OPENSUSE-SU-2024:10290-1

OPENSUSE-SU-2024:10344-1

OPENSUSE-SU-2024:11169-1

RHSA-2015:1635

RHSA-2015_1635

SUSE-SU-2021:2320-1

SUSE-SU-2021:3215-1

SUSE-SU-2021_2320-1

SUSE-SU-2021_3215-1

USN-2698-1

Produtos afetados

Alt Linux

Centos

Red Hat

Sqlite

Suse

Ubuntu

Itunes

PT-2015-6220 · Sqlite+6 · Sqlite+6

CVE-2015-3414

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 305