CVE-2015-3414

Published: 24/04/2015 Updated: 16/08/2022
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

SQLite prior to 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent malicious users to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.

Vulnerable Product

sqlite sqlite

apple watchos 1.0.1

apple mac os x 10.10.5

debian debian linux 8.0

canonical ubuntu linux 12.04

canonical ubuntu linux 14.04

canonical ubuntu linux 15.04

php php

Vendor Advisories

Debian Bug report logs - #783968 sqlite3: CVE-2015-3414 CVE-2015-3415 CVE-2015-3416. Package: src:sqlite3; Maintainer for src:sqlite3 is Laszlo Boszormenyi (GCS) <gcs@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 1 May 2015 17:54:01 UTC; Severity: important; Tags: fixed-upstream, securit ...
SQLite could be made to crash or run programs if it processed specially crafted queries ...
Michal Zalewski discovered multiple vulnerabilities in SQLite, which may result in denial of service or the execution of arbitrary code. For the stable distribution (jessie), these problems have been fixed in version 3.8.7.1-1+deb8u1. For the testing distribution (stretch), these problems have been fixed in version 3.8.9-1. For the unstable distrib ...
A flaw was found in the way SQLite handled dequoting of collation-sequence names. A local attacker could submit a specially crafted COLLATE statement that would crash the SQLite process, or have other unspecified impacts ...
Upstream reports that six security-related issues in PHP were fixed in this release, as well as several security issues in bundled sqlite library (CVE-2015-3414, CVE-2015-3415, CVE-2015-3416). All PHP 5.4 users are encouraged to upgrade to this version. Please see the upstream release notes (php.net/ChangeLog-5.php#5.4.42) ...
Upstream reports that several bugs have been fixed as well as several security issues in some bundled libraries (CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-2325 and CVE-2015-2326). All PHP 5.6 users are encouraged to upgrade to this version. Please see the upstream release notes (php.net/ChangeLog-5.php#5.6.10) ...
Upstream reports that several bugs have been fixed as well as several security issues in some bundled libraries (CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-2325 and CVE-2015-2326). All PHP 5.5 users are encouraged to upgrade to this version. Please see the upstream release notes (php.net/ChangeLog-5.php#5.5.26) ...
A flaw was found in the way SQLite handled dequoting of collation-sequence names. A local attacker could submit a specially crafted COLLATE statement that would crash the SQLite process, or have other unspecified impacts (CVE-2015-3414). It was found that SQLite's sqlite3VdbeExec() function did not properly implement comparison operators. A local a ...