Veracode Vulnerability DatabaseVERACODE:26914Arbitrary Code Execution
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
SQLite is vulnerable to arbitrary code execution. A stack-based buffer overflow and integer overflow in the sqlite3VXPrintf function in printf.c allows an attacker to execute arbitrary code on the host OS due to improperly handling of precision and width values during floating-point conversions.
| CPE | Name | Operator | Version |
|---|---|---|---|
| sqlite3:precise | eq | 3.7.9-2ubuntu1 | |
| sqlite3:trusty | eq | 3.8.2-1ubuntu2 | |
| sqlite3:precise | eq | 3.7.9-2ubuntu1 | |
| sqlite3:trusty | eq | 3.8.2-1ubuntu2 |
References
lists.apple.com/archives/security-announce/2015/Sep/msg00005.html
lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
rhn.redhat.com/errata/RHSA-2015-1634.html
rhn.redhat.com/errata/RHSA-2015-1635.html
seclists.org/fulldisclosure/2015/Apr/31
www.debian.org/security/2015/dsa-3252
www.mandriva.com/security/advisories?name=MDVSA-2015:217
www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
www.securityfocus.com/bid/74228
www.securitytracker.com/id/1033703
www.sqlite.org/src/info/c494171f77dc2e5e04cb6d865e688448f04e5920
www.ubuntu.com/usn/USN-2698-1
security.gentoo.org/glsa/201507-05
support.apple.com/HT205213
support.apple.com/HT205267
Related
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P