Lucene search

Veracode Vulnerability DatabaseVERACODE:26914

HistorySep 21, 2020 - 6:25 a.m.

Arbitrary Code Execution

2020-09-2106:25:35

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.005 Low

EPSS

Percentile

76.8%

JSON

SQLite is vulnerable to arbitrary code execution. A stack-based buffer overflow and integer overflow in the sqlite3VXPrintf function in printf.c allows an attacker to execute arbitrary code on the host OS due to improperly handling of precision and width values during floating-point conversions.

CPENameOperatorVersion
sqlite3:preciseeq3.7.9-2ubuntu1
sqlite3:trustyeq3.8.2-1ubuntu2
sqlite3:preciseeq3.7.9-2ubuntu1
sqlite3:trustyeq3.8.2-1ubuntu2

Name	Operator	Version
sqlite3:precise	eq	3.7.9-2ubuntu1
sqlite3:trusty	eq	3.8.2-1ubuntu2
sqlite3:precise	eq	3.7.9-2ubuntu1
sqlite3:trusty	eq	3.8.2-1ubuntu2

References

lists.apple.com/archives/security-announce/2015/Sep/msg00005.html

lists.apple.com/archives/security-announce/2015/Sep/msg00008.html

rhn.redhat.com/errata/RHSA-2015-1634.html

rhn.redhat.com/errata/RHSA-2015-1635.html

seclists.org/fulldisclosure/2015/Apr/31

www.debian.org/security/2015/dsa-3252

www.mandriva.com/security/advisories?name=MDVSA-2015:217

www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

www.securityfocus.com/bid/74228

www.securitytracker.com/id/1033703

www.sqlite.org/src/info/c494171f77dc2e5e04cb6d865e688448f04e5920

www.ubuntu.com/usn/USN-2698-1

security.gentoo.org/glsa/201507-05

support.apple.com/HT205213

support.apple.com/HT205267

0.005 Low

EPSS

Percentile

76.8%

JSON

Related for VERACODE:26914