7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.035 Low
EPSS
Percentile
91.6%
The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and
OS X before 10.10.4, allows remote attackers to execute arbitrary code or
cause a denial of service (application crash) via a SQL command that
triggers an API call with a crafted pointer value in the second argument.
Author | Note |
---|---|
mdeslaur | as of 2016-01-08, no details. Probably Apple-specific. Marking as not-affected. |