CVE-2015-5895 – SQLite3 3.8.6 - Controlled Memory Corruption (PoC)
https://notcve.org/view.php?id=CVE-2015-5895
Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown impact and attack vectors. Múltiples vulnerabilidades no especificadas en SQLite en versiones anteriores a 3.8.10.2, tal como se utiliza en Apple iOS en versiones anteriores a 9, tiene un impacto y vectores de ataque desconocidos. • https://www.exploit-db.com/exploits/36190 http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html http://www.securityfocus.com/bid/76764 http://www.securitytracker.com/id/1033609 https://support.apple.com/HT205212 •
CVE-2013-7443
https://notcve.org/view.php?id=CVE-2013-7443
Buffer overflow in the skip-scan optimization in SQLite 3.8.2 allows remote attackers to cause a denial of service (crash) via crafted SQL statements. Desbordamiento de buffer en la optimización skip-scan en SQLite 3.8.2, permite a atacantes remotos provocar una denegación de servicio (caída) a través de sentencias SQL manipuladas. • http://ubuntu.com/usn/usn-2698-1 http://www.openwall.com/lists/oss-security/2015/07/14/5 http://www.openwall.com/lists/oss-security/2015/07/15/4 http://www.securityfocus.com/bid/76089 https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1448758 https://www.sqlite.org/src/info/520070ec7fbaac73eda0e0123596b7bb3e9a6897 https://www.sqlite.org/src/info/ac5852d6403c9c9628ca0aa7be135c702f000698 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-3717 – SQLite printf Format String Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-3717
Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. Múltiples desbordamientos de buffer en la funcionalidad printf en SQLite, utilizado en Apple iOS anterior a 8.4 y OS X anterior a 10.10.4, permiten a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de vectores no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SQLite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the printf function. The issue lies in the ability to use an arbitrary format string as an argument to an insecure printf function. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://support.apple.com/kb/HT204941 http://support.apple.com/kb/HT204942 http://www.securityfocus.com/bid/75491 http://www.securitytracker.com/id/1032760 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2015-3414 – sqlite: use of uninitialized memory when parsing collation sequences in src/where.c
https://notcve.org/view.php?id=CVE-2015-3414
SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement. SQLite anterior a 3.8.9 no implementa correctamente la descomillación de nombres de secuencias de colaciones, lo que permite a atacantes dependientes de contexto causar una denegación de servicio (acceso a memoria no inicializada y caída de aplicación) o posiblemente tener otro impacto no especificado a través de una clausula COLLATE manipulada, tal y como fue demostrado por COLLATE'''''''' al final de una declaración SELECT. A flaw was found in the way SQLite handled dequoting of collation-sequence names. A local attacker could submit a specially crafted COLLATE statement that would crash the SQLite process, or have other unspecified impacts. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://rhn.redhat.com/errata/RHSA-2015-1635.html http://seclists.org/fulldisclosure/2015/Apr/31 http://www.debian.org/security/2015/dsa-3252 http://www.mandriva.com/security/advisories?name=MDVSA-2015:217 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-295 • CWE-456: Missing Initialization of a Variable CWE-908: Use of Uninitialized Resource •
CVE-2015-3415 – sqlite: invalid free() in src/vdbe.c
https://notcve.org/view.php?id=CVE-2015-3415
The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement. La función sqlite3VdbeExec en vdbe.c en SQLite anterior a 3.8.9 no implementa correctamente los operadores de comparaciones, lo que permite a atacantes dependientes de contexto causar una denegación de servicio (operación de liberación inválida) o posiblemente tener otro impacto no especificado a través de una clausula CHECK manipulada, tal y como fue demostrado por CHECK(0&O>O) en una declaración CREATE TABLE. It was found that SQLite's sqlite3VdbeExec() function did not properly implement comparison operators. A local attacker could submit a specially crafted CHECK statement that would crash the SQLite process, or have other unspecified impacts. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://rhn.redhat.com/errata/RHSA-2015-1635.html http://seclists.org/fulldisclosure/2015/Apr/31 http://www.debian.org/security/2015/dsa-3252 http://www.mandriva.com/security/advisories?name=MDVSA-2015:217 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-295 • CWE-404: Improper Resource Shutdown or Release •