logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2015-3415

Description

The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.


Affected Software


CPE Name Name Version
apple:watchos apple watchos 1.0.1
apple:mac_os_x apple mac os x 10.10.5
debian:debian_linux debian debian linux 8.0
canonical:ubuntu_linux canonical ubuntu linux 12.04
canonical:ubuntu_linux canonical ubuntu linux 14.04
canonical:ubuntu_linux canonical ubuntu linux 15.04
sqlite:sqlite sqlite 3.8.8.3
php:php php 5.5.26
php:php php 5.6.10
php:php php 5.4.42

Related