CVE-2015-3415
published 2015-04-24CVE-2015-3415: The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to…
high7.5CVSS 3.1
AVNACLAuNCPIPAP
The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios_9 | — | — |
| apple | itunes | — | — |
| apple | itunes_12.6_for_windows | — | — |
| apple | mac_os_x | — | — |
| apple | os_x_el_capitan_v10.11 | — | — |
| apple | watchos | — | — |
| apple | watchos_2 | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | sqlite3 | < sqlite3 3.8.9-1 (bookworm) | sqlite3 3.8.9-1 (bookworm) |
| ghost | sqlite3 | >= 0 < 3.8.9-1 | 3.8.9-1 |
| ghost | sqlite3 | >= 0 < 3.8.9-1 | 3.8.9-1 |
| ghost | sqlite3 | >= 0 < 3.8.9-1 | 3.8.9-1 |
| ghost | sqlite3 | >= 0 < 3.8.9-1 | 3.8.9-1 |
| ghost | sqlite3 | >= 0 < 3.8.2-1ubuntu2.1 | 3.8.2-1ubuntu2.1 |
| php | php | >= 5.4.0 < 5.4.42 | 5.4.42 |
| php | php | >= 5.5.0 < 5.5.26 | 5.5.26 |
| php | php | >= 5.6.0 < 5.6.10 | 5.6.10 |
| sqlite | sqlite | <= 3.8.8.3 | — |
CVSS provenance
nvd7.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH