CVE-2015-7036

Published: 22/11/2015 Updated: 01/07/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The fts3_tokenizer function in SQLite, as used in Apple iOS prior to 8.4 and OS X prior to 10.10.4, allows remote malicious users to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API call with a crafted pointer value in the second argument.

Vulnerable Product

apple mac os x

apple iphone os

Vendor Advisories

The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API call with a crafted pointer value in the second argument ...

Tenable's Passive Vulnerability Scanner (PVS) uses third-party libraries to provide certain standardized functionality. Two of these libraries were found to contain vulnerabilities and were fixed upstream. Those fixes have been integrated despite there being no known exploitation scenarios related to PVS. OpenSSL ASN.1 Encoder Negative Zero Value ...

Recent Articles

SELECT code_execution FROM * USING SQLite: Eggheads lift the lid on DB security hijinks
The Register • Thomas Claburn in San Francisco • 10 Aug 2019

You've heard of ROP? Now get a load of QOP

DEF CON At the DEF CON hacking conference in Las Vegas on Saturday, infosec gurus from Check Point are scheduled to describe a technique for exploiting SQLite, a database used in applications across every major desktop and mobile operating system, to gain arbitrary code execution. In a technical summary provided to The Register ahead of their presentation, Check Point's Omer Gull sets out how he and his colleague Omri Herscovici developed techniques referred to as Query Hijacking and Query Orien...