PT-2015-7469 · Apple · OS X
Peter Rutenbar · Published 2015-11-18 · Updated 2017-07-01
CVE-2015-7036
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
SQLite versions prior to the version in iOS 8.4 and OS X 10.10.4
iOS versions prior to 8.4
OS X versions prior to 10.10.4
Description
The issue allows remote attackers to execute arbitrary code or cause a denial of service via a SQL command that triggers an API call with a crafted pointer value in the second argument. This is related to the fts3 tokenizer function in SQLite.
Recommendations
For SQLite, update to a version that is not vulnerable to this issue.
For iOS, update to version 8.4 or later.
For OS X, update to version 10.10.4 or later.
Fix
RCE
Affected Products
OS X
SQLite
iOS