CVE-2015-3414
published 2015-04-24CVE-2015-3414: SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of…
high7.5CVSS 3.1
AVNACLAuNCPIPAP
SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios_9 | — | — |
| apple | itunes | — | — |
| apple | itunes_12.6_for_windows | — | — |
| apple | mac_os_x | — | — |
| apple | os_x_el_capitan_v10.11 | — | — |
| apple | watchos | — | — |
| apple | watchos_2 | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | sqlite3 | < sqlite3 3.8.9-1 (bookworm) | sqlite3 3.8.9-1 (bookworm) |
| ghost | sqlite3 | >= 0 < 3.8.9-1 | 3.8.9-1 |
| ghost | sqlite3 | >= 0 < 3.8.9-1 | 3.8.9-1 |
| ghost | sqlite3 | >= 0 < 3.8.9-1 | 3.8.9-1 |
| ghost | sqlite3 | >= 0 < 3.8.9-1 | 3.8.9-1 |
| ghost | sqlite3 | >= 0 < 3.8.2-1ubuntu2.1 | 3.8.2-1ubuntu2.1 |
| php | php | >= 5.4.0 < 5.4.42 | 5.4.42 |
| php | php | >= 5.5.0 < 5.5.26 | 5.5.26 |
| php | php | >= 5.6.0 < 5.6.10 | 5.6.10 |
| sqlite | sqlite | <= 3.8.8.3 | — |
CVSS provenance
nvd7.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH