CVE-2015-3414

Published: 24 April 2015

SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.

Priority

Low

Status

Package   Release                          Status
sqlite    Upstream                         Not vulnerable
sqlite    Ubuntu 14.04 ESM (Trusty Tahr)   Not vulnerable
sqlite3   Upstream                         Released (3.8.9)
sqlite3   Ubuntu 14.04 ESM (Trusty Tahr)   Released (3.8.2-1ubuntu2.1)

Patches:
Upstream: https://www.sqlite.org/src/info/eddc05e7bb31fae7