Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2015-3415

Published: 24 April 2015

The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.

Priority

Low

Status

Package Release Status
sqlite
Launchpad, Ubuntu, Debian
artful Ignored
(reached end-of-life)
bionic Not vulnerable
(code not present)
cosmic Not vulnerable
(code not present)
lucid Ignored
(reached end-of-life)
precise Does not exist
(precise was needs-triage)
trusty Not vulnerable
(code not present)
upstream Not vulnerable
(code not present)
utopic Ignored
(reached end-of-life)
vivid Ignored
(reached end-of-life)
wily Ignored
(reached end-of-life)
xenial Not vulnerable
(code not present)
yakkety Ignored
(reached end-of-life)
zesty Ignored
(reached end-of-life)
sqlite3
Launchpad, Ubuntu, Debian
artful Not vulnerable
(3.8.10.2-1)
bionic Not vulnerable
(3.8.10.2-1)
cosmic Not vulnerable
(3.8.10.2-1)
lucid Ignored
(reached end-of-life)
precise Not vulnerable
(code not present)
trusty Not vulnerable
(code not present)
upstream
Released (3.8.9)
utopic Not vulnerable
(code not present)
vivid
Released (3.8.7.4-1ubuntu0.1)
wily Not vulnerable
(3.8.10.2-1)
xenial Not vulnerable
(3.8.10.2-1)
yakkety Not vulnerable
(3.8.10.2-1)
zesty Not vulnerable
(3.8.10.2-1)
Patches:
upstream: https://www.sqlite.org/src/info/02e3c88fbf6abdcf