CVE-2015-3416

EPSS 7.7%

sqlite3 - security update

發布日:2015/4/24修改日:2026/4/28

也稱為:DEBIAN-CVE-2015-3416

描述

The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.

受影響套件(2)

Debian/sqlite3from 0, < 3.8.9-1
Debian/sqlite3from 0, < 3.7.13-1+deb7u2

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-3416