CVE-2015-3414

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 24-04-2015 07:59

Last modified: - 16-08-2022 03:32

Total changes: - 2

Description

SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:N/C:P/I:P/A:P

Low

Attack complexity

Network

Attack vector

Low

Availability

Low

Confidentiality

Low

Integrity

Privileges required

Scope

User interaction

7.5

Base score

10.0

6.4

Exploitability score

Impact score

Verification logic

Reference

https://www.sqlite.org/src/info/eddc05e7bb31fae74daa86e0504a3478b99fa0f2
20150414 several issues in SQLite (+ catching up on several other bugs)-Mailing List, Third Party Advisory, VDB Entry
DSA-3252-Third Party Advisory
MDVSA-2015:217-Broken Link
USN-2698-1-Third Party Advisory
https://support.apple.com/HT205267
APPLE-SA-2015-09-30-3-Mailing List, Third Party Advisory
APPLE-SA-2015-09-21-1-Mailing List, Third Party Advisory
https://support.apple.com/HT205213
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
1033703-Third Party Advisory, VDB Entry
GLSA-201507-05-Third Party Advisory
RHSA-2015:1635-Third Party Advisory
74228-Third Party Advisory, VDB Entry
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Keywords

CVE-2015-3414

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2015-3414

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures