7.5

CVE-2015-3415

The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.

Data is provided by the National Vulnerability Database (NVD)
ApplemacOS X Version10.10.5
ApplewatchOS Version1.0.1
DebianDebian Linux Version8.0
CanonicalUbuntu Linux Version12.04 SwEditionlts
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version15.04
SqliteSqlite Version <= 3.8.8.3
PhpPhp Version >= 5.4.0 < 5.4.42
PhpPhp Version >= 5.5.0 < 5.5.26
PhpPhp Version >= 5.6.0 < 5.6.10
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 7.08% 0.912
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-404 Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.

http://www.securitytracker.com/id/1033703
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2015/Apr/31
Third Party Advisory
VDB Entry
Mailing List
http://www.securityfocus.com/bid/74228
Third Party Advisory
VDB Entry