Lucene search
Peter RutenbarZDI-15-570HistoryNov 18, 2015 - 12:00 a.m.
SQLite fts3_tokenizer Untrusted Pointer Remote Code Execution Vulnerability
2015-11-1800:00:00
Peter Rutenbar
www.zerodayinitiative.com
78
0.035 Low
EPSS
Percentile
91.6%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SQLite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the fts3_tokenizer function. The issue lies in the optional second argument which is expected to be a pointer into a structure. An attacker can leverage this vulnerability to achieve code execution under the context of the current process.
References
Related
prion
prion
Sql injection
2015-11-22 03:59:00
cvelist
cvelist
CVE-2015-7036
2015-11-22 02:00:00
nvd
nvd
CVE-2015-7036
2015-11-22 03:59:02
gentoo
gentoo
SQLite: Multiple vulnerabilities
2016-12-08 00:00:00
cve
cve
CVE-2015-7036
2015-11-22 03:59:02
nessus
nessus
GLSA-201612-21 : SQLite: Multiple vulnerabilities
2016-12-08 00:00:00
RHEL 7 : sqlite (Unpatched Vulnerability)
2024-06-03 00:00:00
Mac OS X 10.10.x < 10.10.4 Multiple Vulnerabilities (GHOST) (Logjam)
2015-07-01 00:00:00
ubuntucve
ubuntucve
CVE-2015-7036
2015-11-22 00:00:00
checkpoint_advisories
checkpoint_advisories
openvas
openvas
Apple Mac OS X Multiple Vulnerabilities-01 (Jul 2015)
2015-07-10 00:00:00
ibm
ibm