CVE-2015-3416

 

Published at: - 24-04-2015 07:59

Last modified: - 16-08-2022 03:28

Total changes: - 2

Description

The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:N/C:P/I:P/A:P

 

Verification logic

 

Reference

• http://www.sqlite.org/src/info/c494171f77dc2e5e04cb6d865e688448f04e5920
• 20150414 several issues in SQLite (+ catching up on several other bugs)-Mailing List, Third Party Advisory, VDB Entry
• DSA-3252-Third Party Advisory
• MDVSA-2015:217-Third Party Advisory
• USN-2698-1-Third Party Advisory
• https://support.apple.com/HT205267
• APPLE-SA-2015-09-30-3-Mailing List, Third Party Advisory
• APPLE-SA-2015-09-21-1-Mailing List, Third Party Advisory
• https://support.apple.com/HT205213
• http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
• 1033703-Third Party Advisory, VDB Entry
• GLSA-201507-05-Third Party Advisory
• RHSA-2015:1635-Third Party Advisory
• RHSA-2015:1634-Third Party Advisory
• 74228-Third Party Advisory, VDB Entry
• http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

 

Keywords

NVD

 

CVE-2015-3416

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures