sqlite: does not properly implement the dequoting of collation-sequence names or comparison operators and does not properly handle precision and width values during floating-point conversions (CVE-2015-3414, CVE-2015-3415, CVE-2015-3416)
The following vulnerabilities were published for sqlite3.
CVE-2015-3414[0]:
| SQLite before 3.8.9 does not properly implement the dequoting of
| collation-sequence names, which allows context-dependent attackers to
| cause a denial of service (uninitialized memory access and application
| crash) or possibly have unspecified other impact via a crafted COLLATE
| clause, as demonstrated by COLLATE"""""""" at the end of a SELECT
| statement.
CVE-2015-3415[1]:
| The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not
| properly implement comparison operators, which allows
| context-dependent attackers to cause a denial of service (invalid free
| operation) or possibly have unspecified other impact via a crafted
| CHECK clause, as demonstrated by CHECK (0&O>O) in a CREATE TABLE
| statement.
CVE-2015-3416[2]:
| The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does
| not properly handle precision and width values during floating-point
| conversions, which allows context-dependent attackers to cause a
| denial of service (integer overflow and stack-based buffer overflow)
| or possibly have unspecified other impact via large integers in a
| crafted printf function call in a SELECT statement.
Reference: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783968
(from redmine: issue id 4303, created on 2015-06-12, closed on 2015-08-07)
- Relations:
- child #4304 (closed)
- child #4305 (closed)
- child #4306 (closed)
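
All three CVEs above share the same boundary, "SQLite before 3.8.9". The following added example (not part of the original issue or of SQLite) checks an upstream version string, or the library linked into the running Python interpreter, against that boundary; the function names are hypothetical and the sample version strings in the test are constructed.

```python
import re
import sqlite3

# First fixed upstream release per the CVE text above ("SQLite before 3.8.9").
FIXED_IN = (3, 8, 9, 0)
CVES = ("CVE-2015-3414", "CVE-2015-3415", "CVE-2015-3416")

# Accepts "3.8.7.1" as well as `sqlite3 --version` style output, where the
# version is followed by a date and source id. Rejects "3.8" and "3.8.7.1.2".
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?(?!\.?\d)")


def parse_sqlite_version(text):
    """Return the upstream version as a 4-tuple of ints, e.g. (3, 8, 7, 1)."""
    m = _VERSION_RE.match(text)
    if m is None:
        raise ValueError(f"not an SQLite version string: {text!r}")
    return tuple(int(part or 0) for part in m.groups())


def affected_cves(version_text):
    """Return the CVE IDs from this issue that apply to an upstream version.

    Limitation: distribution packages can carry backported fixes under an
    older upstream version number, so a hit means "check the package
    changelog", not "confirmed vulnerable".
    """
    return CVES if parse_sqlite_version(version_text) < FIXED_IN else ()


def audit_runtime():
    """Check the SQLite library this Python interpreter is linked against."""
    version = sqlite3.sqlite_version
    return version, affected_cves(version)


if __name__ == "__main__":
    version, cves = audit_runtime()
    if cves:
        print(f"SQLite {version}: predates 3.8.9, review {', '.join(cves)}")
    else:
        print(f"SQLite {version}: at or after 3.8.9")
```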