what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 11 of 11 RSS Feed

CVE-2015-3416

Status Candidate

Overview

The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.

Related Files

Apple Security Advisory 2017-03-28-2
Posted Mar 28, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-03-28-2 - This advisory provides additional information for APPLE-SA-2017-03-22-1. iTunes for Windows 12.6 addresses multiple vulnerabilities in various included software.

tags | advisory, vulnerability
systems | windows, apple
advisories | CVE-2009-3270, CVE-2009-3560, CVE-2009-3720, CVE-2012-1147, CVE-2012-1148, CVE-2012-6702, CVE-2013-7443, CVE-2015-1283, CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-3717, CVE-2015-6607, CVE-2016-0718, CVE-2016-4472, CVE-2016-5300, CVE-2016-6153, CVE-2017-2383, CVE-2017-2463, CVE-2017-2479, CVE-2017-2480, CVE-2017-5029
SHA-256 | 5e917bb7e6f9edc636297d6a5ef7728eaba569232b19fbb441916d312716221a
Apple Security Advisory 2017-03-22-2
Posted Mar 24, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-03-22-2 - iTunes for Mac 12.6 is now available and addresses vulnerabilities in expat and SQLite.

tags | advisory, vulnerability
systems | apple
advisories | CVE-2009-3270, CVE-2009-3560, CVE-2009-3720, CVE-2012-1147, CVE-2012-1148, CVE-2012-6702, CVE-2013-7443, CVE-2015-1283, CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-3717, CVE-2015-6607, CVE-2016-0718, CVE-2016-4472, CVE-2016-5300, CVE-2016-6153
SHA-256 | e601858939a95c65d673d763bbb29441fc85d606b842630460eb8b9750f35800
Apple Security Advisory 2017-03-22-1
Posted Mar 23, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-03-22-1 - iTunes for Windows 12.6 is now available and addresses vulnerabilities in expat and SQLite.

tags | advisory, vulnerability
systems | windows, apple
advisories | CVE-2009-3270, CVE-2009-3560, CVE-2009-3720, CVE-2012-1147, CVE-2012-1148, CVE-2012-6702, CVE-2013-7443, CVE-2015-1283, CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-3717, CVE-2015-6607, CVE-2016-0718, CVE-2016-4472, CVE-2016-5300, CVE-2016-6153
SHA-256 | 92a02342700665c6f80c898f87e8f99e851a1d4239733c1dbddbbd842956b509
Red Hat Security Advisory 2015-1635-01
Posted Aug 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1635-01 - SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server. A flaw was found in the way SQLite handled dequoting of collation-sequence names. A local attacker could submit a specially crafted COLLATE statement that would crash the SQLite process, or have other unspecified impacts.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2015-3414, CVE-2015-3415, CVE-2015-3416
SHA-256 | a0efdeb75f1c30ee358397a36729d3fe23e95d4dc3424a9aa6ec32de06cdaf97
Red Hat Security Advisory 2015-1634-01
Posted Aug 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1634-01 - SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server. It was found that SQLite's sqlite3VXPrintf() function did not properly handle precision and width values during floating-point conversions. A local attacker could submit a specially crafted SELECT statement that would crash the SQLite process, or have other unspecified impacts.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2015-3416
SHA-256 | e2762eea5beb5fd075760c1b0b8af959cd5f3c3de8d5ef879e22ec6715b97e02
Ubuntu Security Notice USN-2698-1
Posted Aug 3, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2698-1 - It was discovered that SQLite incorrectly handled skip-scan optimization. An attacker could use this issue to cause applications using SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. Michal Zalewski discovered that SQLite incorrectly handled dequoting of collation-sequence names. An attacker could use this issue to cause applications using SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-7443, CVE-2015-3414, CVE-2015-3415, CVE-2015-3416
SHA-256 | 937b9f09e2a968893a7d63eceeef3020011624592253a0fec716f4b4f447004f
Slackware Security Advisory - php Updates
Posted Jul 20, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.

tags | advisory, php
systems | linux, slackware
advisories | CVE-2015-2325, CVE-2015-2326, CVE-2015-3152, CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-4642, CVE-2015-4643, CVE-2015-4644
SHA-256 | a878dedbe56e20804e45f7a781334aab7ec38b4450537c6f93add15127d7748f
Gentoo Linux Security Advisory 201507-05
Posted Jul 7, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201507-5 - Multiple vulnerabilities have been found in SQLite, allowing context-dependent attackers to cause a Denial of Service condition. Versions less than 3.8.9 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2015-3414, CVE-2015-3415, CVE-2015-3416
SHA-256 | 25bb7312d841f5f3b900c3e5c0ec81e6d09713156772856e0dd985686dcd1bd2
Debian Security Advisory 3252-2
Posted Jun 15, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3252-2 - Michal Zalewski discovered that SQLite3, an implementation of an SQL database engine, did not properly handle precision and width values during floating-point conversions, leading to an integer overflow and a stack-based buffer overflow. This could allow remote attackers to cause a denial of service (crash) or possibly have unspecified other impact.

tags | advisory, remote, denial of service, overflow
systems | linux, debian
advisories | CVE-2015-3416
SHA-256 | 7a0685c71c1b4c39a53b4d0bcb788d4af7b3ae6a988220dc6050e5abb4394346
Debian Security Advisory 3252-1
Posted May 7, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3252-1 - Michal Zalewski discovered multiple vulnerabilities in SQLite, which may result in denial of service or the execution of arbitrary code.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2015-3414, CVE-2015-3415, CVE-2015-3416
SHA-256 | 01ae9047c854e748060299f3f75e074a966d61e0722075a6d13479ca38341ab9
Mandriva Linux Security Advisory 2015-217
Posted Apr 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-217 - SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE at the end of a SELECT statement. The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK in a CREATE TABLE statement. The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement. The updated packages provides a solution for these security issues.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2015-3414, CVE-2015-3415, CVE-2015-3416
SHA-256 | d7abd24a5ede0ffb411a19c7b4916189dd8611c728e2fd9900a0d2d4bb39756e
Page 1 of 1
Back1Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close