CVE-2015-3414
EPSS 7.9%sqlite3 - security update
發布日:2015/4/24修改日:2026/4/28
描述
SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.
受影響套件(2)
- Debian/sqlite3from 0, < 3.8.9-1
- Debian/sqlite3from 0, < 3.8.7.1-1+deb8u1