Information security


Multiple security vulnerabilities in SQLite
updated since April 16, 2015
Published: May 5, 2015
Source:
SecurityVulns ID: 14389
Type: library
Severity: 6/10
Description: More than 20 bugs, including use of uninitialized memory.
Affected products: SQLITE : SQLite 3.8
CVE: CVE-2015-3416 (The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.)
 CVE-2015-3415 (The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.)
 CVE-2015-3414 (SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.)
Original text: DEBIAN, [ MDVSA-2015:217 ] sqlite3 (05.05.2015)
 Michal Zalewski, several issues in SQLite (+ catching up on several other bugs) (16.04.2015)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod