7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.008 Low
EPSS
Percentile
82.0%
Issue Overview:
A flaw was found in the way SQLite handled dequoting of collation-sequence names. A local attacker could submit a specially crafted COLLATE statement that would crash the SQLite process, or have other unspecified impacts. (CVE-2015-3414)
It was found that SQLite’s sqlite3VdbeExec() function did not properly implement comparison operators. A local attacker could submit a specially crafted CHECK statement that would crash the SQLite process, or have other unspecified impacts. (CVE-2015-3415)
It was found that SQLite’s sqlite3VXPrintf() function did not properly handle precision and width values during floating-point conversions. A local attacker could submit a specially crafted SELECT statement that would crash the SQLite process, or have other unspecified impacts. (CVE-2015-3416)
Affected Packages:
sqlite
Issue Correction:
Run yum update sqlite to update your system.
New Packages:
i686:
sqlite-tcl-3.7.17-6.13.amzn1.i686
sqlite-3.7.17-6.13.amzn1.i686
sqlite-devel-3.7.17-6.13.amzn1.i686
lemon-3.7.17-6.13.amzn1.i686
sqlite-debuginfo-3.7.17-6.13.amzn1.i686
noarch:
sqlite-doc-3.7.17-6.13.amzn1.noarch
src:
sqlite-3.7.17-6.13.amzn1.src
x86_64:
sqlite-3.7.17-6.13.amzn1.x86_64
sqlite-devel-3.7.17-6.13.amzn1.x86_64
lemon-3.7.17-6.13.amzn1.x86_64
sqlite-tcl-3.7.17-6.13.amzn1.x86_64
sqlite-debuginfo-3.7.17-6.13.amzn1.x86_64
Red Hat: CVE-2015-3414, CVE-2015-3415, CVE-2015-3416
Mitre: CVE-2015-3414, CVE-2015-3415, CVE-2015-3416
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | i686 | sqlite-tcl | < 3.7.17-6.13.amzn1 | sqlite-tcl-3.7.17-6.13.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | sqlite | < 3.7.17-6.13.amzn1 | sqlite-3.7.17-6.13.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | sqlite-devel | < 3.7.17-6.13.amzn1 | sqlite-devel-3.7.17-6.13.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | lemon | < 3.7.17-6.13.amzn1 | lemon-3.7.17-6.13.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | sqlite-debuginfo | < 3.7.17-6.13.amzn1 | sqlite-debuginfo-3.7.17-6.13.amzn1.i686.rpm |
Amazon Linux | 1 | noarch | sqlite-doc | < 3.7.17-6.13.amzn1 | sqlite-doc-3.7.17-6.13.amzn1.noarch.rpm |
Amazon Linux | 1 | x86_64 | sqlite | < 3.7.17-6.13.amzn1 | sqlite-3.7.17-6.13.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | sqlite-devel | < 3.7.17-6.13.amzn1 | sqlite-devel-3.7.17-6.13.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | lemon | < 3.7.17-6.13.amzn1 | lemon-3.7.17-6.13.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | sqlite-tcl | < 3.7.17-6.13.amzn1 | sqlite-tcl-3.7.17-6.13.amzn1.x86_64.rpm |