A security vulnerability has been discovered in SQLite used with IBM Security Network Protection.
CVEID: CVE-2015-3416**
DESCRIPTION:** SQLite is vulnerable to a denial of service, caused by the failure to properly handle precision and width values during floating-point conversions by the sqlite3VXPrintf function in printf.c. A remote attacker could exploit this vulnerability using large integers in a crafted printf function call to cause a denial of service and possibly have other unspecified impact.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/102594 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
IBM Security Network Protection 5.3.1
IBM Security Network Protection 5.3.2
Product
| VRMF| Remediation/First Fix
—|—|—
IBM Security Network Protection| Firmware version 5.3.1| Download Firmware 5.3.1.8 from IBM Security License Key and Download Center and upload and install via the Available Updates page of the Local Management Interface.
IBM Security Network Protection| Firmware version 5.3.2| Install Firmware 5.3.2.2 from the Available Updates page of the Local Management Interface, or by performing a One Time Scheduled Installation from SiteProtector.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm security network protection | eq | 5.3.1 | |
ibm security network protection | eq | 5.3.2 |