CVE-2015-3415

Published: 24 April 2015

The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.

Priority

Low

Status

Package Release Status
sqlite
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(code not present)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(code not present)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(code not present)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(code not present)
sqlite3
Launchpad, Ubuntu, Debian
Upstream
Released (3.8.9)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(3.8.10.2-1)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(3.8.10.2-1)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(code not present)
Patches:
Upstream: https://www.sqlite.org/src/info/02e3c88fbf6abdcf