CVE-2015-7036: The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a…

CVE-2015-7036 [HIGH] sqlite: arbitrary code execution on databases with malformed schema sqlite: arbitrary code execution on databases with malformed schema The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API call with a crafted pointer value in the second argument. Statement: This issue did not affect the versions of sqlite as shipped with Red Hat Enterprise Linux 5 and 6. Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. Package: sqlite (Red Hat Enterprise Linux

CVE-2015-7036 [HIGH] CVE-2015-7036: OS X Yosemite v10.10.4 and Security Update 2015-005 Apple Security Update: About the security content of OS X Yosemite v10.10.4 and Security Update 2015-005 Product: OS X Yosemite v10.10.4 and Security Update 2015-005 CVE: CVE-2015-7036 Component: CVE-ID

CVE-2015-7036 [HIGH] CVE-2015-7036: iOS 8.4 Apple Security Update: About the security content of iOS 8.4 Product: iOS Version: 8.4 CVE: CVE-2015-7036 Component: CVE-ID

CVE-2015-7036 [HIGH] CWE-20 GHSA-x42v-52fm-9rqq: The fts3_tokenizer function in SQLite, as used in Apple iOS before 8 The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API call with a crafted pointer value in the second argument.

CVE-2015-7036 [HIGH] CVE-2015-7036 sqlite: arbitrary code execution on databases with malformed schema [fedora-all] CVE-2015-7036 sqlite: arbitrary code execution on databases with malformed schema [fedora-all] This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple suppo

CVE-2015-7036 [HIGH] CVE-2015-7036 sqlite2: sqlite: arbitrary code execution on databases with malformed schema [epel-all] CVE-2015-7036 sqlite2: sqlite: arbitrary code execution on databases with malformed schema [epel-all] This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora EPEL. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects mu

CVE-2015-7036 [HIGH] CVE-2015-7036 sqlite2: sqlite: arbitrary code execution on databases with malformed schema [fedora-all] CVE-2015-7036 sqlite2: sqlite: arbitrary code execution on databases with malformed schema [fedora-all] This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multi

CVE-2015-7036 [HIGH] CVE-2015-7036 sqlite: arbitrary code execution on databases with malformed schema CVE-2015-7036 sqlite: arbitrary code execution on databases with malformed schema It is possible to craft SQLite databases that, when opened by an application expecting a specific SQL schema, could cause arbitrary code execution. The issue is in the handling of the fts3_tokenizer function: https://www.sqlite.org/mark/fts3.html?FTS+does+not&If+the+fts3*callback#mark Yum might be affected, but due to the use of HTTPS in RHEL, and in Fedora, the digest from the mirror list service should protect clients. The issue does not appear to be fixed upstream yet: https://www.sqlite.org/src/finfo?name=ext/fts3/fts3_tokenizer.c&ci=trunk External References: http://zerodayinitiative.com/advisories/ZDI-15-570/ Discussion: Created sqlite2 tracking bugs for this issue: Affects: fedora-all [bug 1

CVE-2019-8457 SELECT code_execution FROM * USING SQLite; Latest Publications CPR Podcast Channel AI Research Web 3.0 Security Intelligence Reports ThreatCloud AI Threat Intelligence & Research Zero Day Protection Sandblast File Analysis About Us SUBSCRIBE AI Research 2 Android Malware 23 Artificial Intelligence 4 ChatGPT 3 Check Point Research Publications 455 Cloud Security 1 CPRadio 44 Crypto 2 Data & Threat Intelligence 2 Data Analysis 0 Demos 22 Global Cyber Attack Reports 408 How To Guides 13 Ransomware 5 Russo-Ukrainian War 1 Security Report 1 Threat and data analysis 0 Threat Research 174 Web 3.0 Security 11 Wipers 0 ## SELECT code_execution FROM * USING SQLite; ## Gaining code execution using a malicious SQLite database Research By: Omer Gull ## tl;dr SQLite is one of the most deployed software in