CVE-2015-3414

2015-04-2417:59:00

CWE-908

[email protected]

web.nvd.nist.gov

148

cve-2015-3414

sqlite

security vulnerability

denial of service

memory access

application crash

nvd

8.7 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.7%

JSON

SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"“”“”“”" at the end of a SELECT statement.

CPENameOperatorVersion
sqlite:sqlitesqlitele3.8.8.3
apple:watchosapple watchoseq1.0.1
apple:mac_os_xapple mac os xeq10.10.5
debian:debian_linuxdebian debian linuxeq8.0
canonical:ubuntu_linuxcanonical ubuntu linuxeq12.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq14.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq15.04
php:phpphplt5.5.26
php:phpphplt5.6.10
php:phpphplt5.4.42

CPE	Name	Operator	Version
sqlite:sqlite	sqlite	le	3.8.8.3
apple:watchos	apple watchos	eq	1.0.1
apple:mac_os_x	apple mac os x	eq	10.10.5
debian:debian_linux	debian debian linux	eq	8.0
canonical:ubuntu_linux	canonical ubuntu linux	eq	12.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	14.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	15.04
php:php	php	lt	5.5.26
php:php	php	lt	5.6.10
php:php	php	lt	5.4.42