7.5

CVE-2015-3415

The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApplemacOS X Version10.10.5
ApplewatchOS Version1.0.1
DebianDebian Linux Version8.0
CanonicalUbuntu Linux Version12.04 SwEditionlts
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version15.04
SqliteSqlite Version <= 3.8.8.3
PhpPhp Version >= 5.4.0 < 5.4.42
PhpPhp Version >= 5.5.0 < 5.5.26
PhpPhp Version >= 5.6.0 < 5.6.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.85% 0.909
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-404 Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
Patch
Third Party Advisory
http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html
Third Party Advisory
Mailing List
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
Third Party Advisory
Mailing List
http://www.securitytracker.com/id/1033703
Third Party Advisory
VDB Entry
https://support.apple.com/HT205213
Third Party Advisory
https://support.apple.com/HT205267
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1635.html
Third Party Advisory
http://seclists.org/fulldisclosure/2015/Apr/31
Third Party Advisory
VDB Entry
Mailing List
http://www.debian.org/security/2015/dsa-3252
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2015:217
Broken Link
http://www.securityfocus.com/bid/74228
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-2698-1
Third Party Advisory
https://security.gentoo.org/glsa/201507-05
Third Party Advisory
https://www.sqlite.org/src/info/02e3c88fbf6abdcf3975fb0fb71972b0ab30da30
Vendor Advisory