The sqlite3VXPrintf function in printf.c in SQLite prior to 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent malicious users to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.
Vulnerable Product |
---|
canonical ubuntu linux 12.04 |
canonical ubuntu linux 14.04 |
canonical ubuntu linux 15.04 |
sqlite sqlite |
debian debian linux 8.0 |
apple mac os x |
apple watchos |
php php |