PT-2015-6221 · Sqlite+6

Michal Zalewski · Published 2015-04-24 · Updated 2024-06-15 · CVE-2015-3415

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

SQLite versions prior to 3.8.9

Description

The issue is related to the improper implementation of comparison operators in the sqlite3VdbeExec function, which can be exploited by context-dependent attackers. This can be achieved via a crafted CHECK clause, for example, CHECK(0&O>O) in a CREATE TABLE statement, potentially leading to a denial of service or other unspecified impacts.

Recommendations

For versions prior to 3.8.9, update to version 3.8.9 or later to resolve the issue. As a temporary workaround, consider restricting the use of the CHECK clause in CREATE TABLE statements until a patch is applied.
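
An added example, not part of the original advisory: one way to apply both recommendations in an application that accepts SQL from outside, by checking the linked SQLite version against 3.8.9 and refusing CREATE TABLE statements with a CHECK clause while the library is unpatched. The function names and the sample statements are hypothetical, and the statement scan is a simple pattern match rather than a full SQL parser.

```python
import re
import sqlite3

FIXED = (3, 8, 9)  # first fixed release, per the advisory text

# String literals, quoted identifiers and comments are blanked out first so a
# CHECK that only appears inside them is not reported.
_SKIP = re.compile(
    r"'(?:[^']|'')*'"       # string literal
    r'|"(?:[^"]|"")*"'      # quoted identifier
    r"|--[^\n]*"            # line comment
    r"|/\*.*?\*/",          # block comment
    re.S,
)
_CREATE = re.compile(r"\bCREATE\s+(?:TEMP(?:ORARY)?\s+)?TABLE\b", re.I)
_CHECK = re.compile(r"\bCHECK\s*\(", re.I)


def is_affected(version_text):
    """True when a dotted SQLite version string is older than 3.8.9."""
    parts = tuple(int(p) for p in version_text.strip().split("."))
    return parts[:3] < FIXED


def has_check_in_create_table(sql):
    """True when any statement in `sql` is a CREATE TABLE carrying a CHECK clause."""
    bare = _SKIP.sub(" ", sql)
    for stmt in bare.split(";"):
        m = _CREATE.search(stmt)
        if m and _CHECK.search(stmt, m.end()):
            return True
    return False


def allow_untrusted_ddl(sql, version_text=sqlite3.sqlite_version):
    """Workaround gate: refuse CREATE TABLE ... CHECK while the library is unpatched."""
    return not (is_affected(version_text) and has_check_in_create_table(sql))


# Constructed sample statements (not taken from the advisory).
SAMPLES = [
    "CREATE TABLE t(qty INTEGER CHECK (qty > 0));",
    "CREATE TABLE notes(body TEXT DEFAULT 'check (later)');",
    "-- CHECK(x)\nSELECT 1;",
]

if __name__ == "__main__":
    print("linked SQLite", sqlite3.sqlite_version, "affected:", is_affected(sqlite3.sqlite_version))
    for s in SAMPLES:
        print(allow_untrusted_ddl(s, "3.8.8"), repr(s))
```

The gate only matters as a stopgap: once the linked library reports 3.8.9 or later, `allow_untrusted_ddl` accepts every statement.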

Fix

DoS

Improper Resource Release

Weakness Enumeration

Related Identifiers

ALT-PU-2015-1413
CESA-2015_1635
CVE-2015-3415
DSA-3252-1
MGASA-2015-0234
OPENSUSE-SU-2021:1058-1
OPENSUSE-SU-2021:2320-1
OPENSUSE-SU-2021_1058-1
OPENSUSE-SU-2021_2320-1
OPENSUSE-SU-2024:10290-1
OPENSUSE-SU-2024:10344-1
OPENSUSE-SU-2024:11169-1
RHSA-2015:1635
RHSA-2015_1635
SUSE-SU-2021:2320-1
SUSE-SU-2021:3215-1
USN-2698-1

Affected Products

ALT Linux
CentOS
Red Hat
SQLite
SUSE
Ubuntu
iTunes