CVE-2015-3414

EPSS 7.9%

sqlite3 - security update

Published: 4/24/2015Modified: 4/28/2026

Description

SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.

Affected packages (2)

Debian/sqlite3from 0, < 3.8.9-1
Debian/sqlite3from 0, < 3.8.7.1-1+deb8u1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-3414