PT-2015-6222 · Sqlite+5 · Sqlite+5

Michal Zalewski

·

Publicado

2015-04-24

·

Atualizado

2024-06-15

·

CVE-2015-3416

CVSS v2.0

7.5

Alta

VetorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions SQLite versions prior to 3.8.9
Description The issue concerns the sqlite3VXPrintf function in printf.c, which does not properly handle precision and width values during floating-point conversions. This can be exploited by context-dependent attackers to cause a denial of service, specifically an integer overflow and stack-based buffer overflow, or possibly have other unspecified impacts. The attack can be carried out via large integers in a crafted printf function call in a SELECT statement.
Recommendations For versions prior to 3.8.9, update to version 3.8.9 or later to resolve the issue.

Correção

DoS

Integer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-190

Identificadores relacionados

ALT-PU-2015-1413
CESA-2015_1634
CESA-2015_1635
CVE-2015-3416
DSA-3252-1
DSA-3252-2
MGASA-2015-0234
OPENSUSE-SU-2024:10290-1
OPENSUSE-SU-2024:10344-1
RHSA-2015:1634
RHSA-2015:1635
RHSA-2015_1634
RHSA-2015_1635
USN-2698-1

Produtos afetados

Alt Linux
Centos
Red Hat
Sqlite
Ubuntu
Itunes