PT-2015-6220 · Sqlite+6 · Sqlite+6

Michal Zalewski

Published

2015-04-24

Updated

2024-06-15

CVE-2015-3414

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions SQLite versions prior to 3.8.9

Description The issue is related to the improper implementation of the dequoting of collation-sequence names. This can be exploited by context-dependent attackers to cause a denial of service, resulting in uninitialized memory access and application crash, via a crafted COLLATE clause. For example, using COLLATE"""""""" at the end of a SELECT statement can trigger this issue.

Recommendations For SQLite versions prior to 3.8.9, update to version 3.8.9 or later to resolve the issue. At the moment, there is no other information about additional mitigation measures for this vulnerability.

Fix

DoS

Use of Uninitialized Resource

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-908

Related Identifiers

ALT-PU-2015-1413

CESA-2015_1635

CVE-2015-3414

DSA-3252-1

MGASA-2015-0234

OPENSUSE-SU-2021:1058-1

OPENSUSE-SU-2021:2320-1

OPENSUSE-SU-2021_1058-1

OPENSUSE-SU-2021_2320-1

OPENSUSE-SU-2024:10290-1

OPENSUSE-SU-2024:10344-1

OPENSUSE-SU-2024:11169-1

RHSA-2015:1635

RHSA-2015_1635

SUSE-SU-2021:2320-1

SUSE-SU-2021:3215-1

SUSE-SU-2021_2320-1

SUSE-SU-2021_3215-1

USN-2698-1

Affected Products

Alt Linux

Centos

Red Hat

Sqlite

Suse

Ubuntu

Itunes

PT-2015-6220 · Sqlite+6 · Sqlite+6

CVE-2015-3414

Weakness Enumeration

Related Identifiers

Affected Products

References · 305