PT-2015-6221 · SQLite+6

Michal Zalewski · Published 2015-04-24 · Updated 2024-06-15 · CVE-2015-3415

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

SQLite versions prior to 3.8.9

Description

The sqlite3VdbeExec function does not properly implement comparison operators, which context-dependent attackers can exploit via a crafted CHECK clause, for example CHECK(0&O>O) in a CREATE TABLE statement. This can lead to a denial of service or other unspecified impact.

Recommendations

Update versions prior to 3.8.9 to version 3.8.9 or later to resolve the issue. As a temporary workaround, consider restricting the use of the CHECK clause in CREATE TABLE statements until a patch is applied.
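
The two recommendations can be enforced in an application that accepts schema SQL from outside. The following is an added example, not code from this advisory or from the SQLite project: it reports whether the linked SQLite library is at least 3.8.9, refuses CREATE TABLE statements containing a CHECK clause when it is not, and audits an existing database for such tables. All function names are hypothetical, and the text scan is a conservative heuristic rather than a full SQL parser.

```python
import re
import sqlite3

FIXED = (3, 8, 9)  # first version this advisory lists as not affected

# Spans that may contain the word CHECK without being a constraint:
# string literals, quoted identifiers, line comments, block comments.
_SKIP = re.compile("|".join([
    r"'(?:[^']|'')*'",
    r'"(?:[^"]|"")*"',
    r"--[^\n]*",
    r"/\*.*?\*/",
]), re.S)
_CREATE = re.compile(r"\bCREATE\s+(?:TEMP(?:ORARY)?\s+)?TABLE\b", re.I)
_CHECK = re.compile(r"\bCHECK\s*\(", re.I)


def library_is_patched(version=sqlite3.sqlite_version_info):
    """True when the SQLite library in use is 3.8.9 or later."""
    return tuple(version) >= FIXED


def has_check_constraint(sql):
    """True when a CREATE TABLE statement carries a CHECK clause."""
    stripped = _SKIP.sub(" ", sql)
    return bool(_CREATE.search(stripped) and _CHECK.search(stripped))


def allow_statement(sql, version=sqlite3.sqlite_version_info):
    """Workaround gate: on an unpatched library, refuse CHECK clauses."""
    return library_is_patched(version) or not has_check_constraint(sql)


def tables_with_check(conn):
    """Names of tables in an open database whose schema has a CHECK clause."""
    rows = conn.execute(
        "SELECT name, sql FROM sqlite_master WHERE type = 'table' ORDER BY name"
    )
    return [name for name, sql in rows if has_check_constraint(sql or "")]


if __name__ == "__main__":
    print("SQLite", sqlite3.sqlite_version, "patched:", library_is_patched())
```

Note that `sqlite3.sqlite_version_info` describes the library Python is linked against; other applications on the same host may bundle their own copy of SQLite and need checking separately.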

Fix

DoS

Improper Resource Release


Weakness Enumeration

Related Identifiers

ALT-PU-2015-1413
CESA-2015_1635
CVE-2015-3415
DSA-3252-1
MGASA-2015-0234
OPENSUSE-SU-2021:1058-1
OPENSUSE-SU-2021:2320-1
OPENSUSE-SU-2021_1058-1
OPENSUSE-SU-2021_2320-1
OPENSUSE-SU-2024:10290-1
OPENSUSE-SU-2024:10344-1
OPENSUSE-SU-2024:11169-1
RHSA-2015:1635
RHSA-2015_1635
SUSE-SU-2021:2320-1
SUSE-SU-2021:3215-1
USN-2698-1

Affected Products

ALT Linux
CentOS
Red Hat
SQLite
SUSE
Ubuntu
iTunes