1
PublicDateAtUSN: 2015-04-24
2
Candidate: CVE-2015-3415
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3415
6
http://seclists.org/bugtraq/2015/Apr/97
7
http://seclists.org/fulldisclosure/2015/Apr/31
8
https://usn.ubuntu.com/usn/usn-2698-1
10
The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not
11
properly implement comparison operators, which allows context-dependent
12
attackers to cause a denial of service (invalid free operation) or possibly
13
have unspecified other impact via a crafted CHECK clause, as demonstrated
14
by CHECK(0&O>O) in a CREATE TABLE statement.
18
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783968
20
Discovered-by: Michal Zalewski
24
upstream_sqlite: needs-triage
25
lucid_sqlite: ignored (reached end-of-life)
26
precise_sqlite: ignored (reached end-of-life)
27
precise/esm_sqlite: DNE (precise was needs-triage)
28
trusty_sqlite: needs-triage
29
utopic_sqlite: ignored (reached end-of-life)
30
vivid_sqlite: ignored (reached end-of-life)
31
vivid/stable-phone-overlay_sqlite: DNE
32
vivid/ubuntu-core_sqlite: DNE
33
wily_sqlite: ignored (reached end-of-life)
34
xenial_sqlite: needs-triage
35
yakkety_sqlite: ignored (reached end-of-life)
36
zesty_sqlite: ignored (reached end-of-life)
37
artful_sqlite: needs-triage
38
bionic_sqlite: needs-triage
39
devel_sqlite: needs-triage
42
upstream: https://www.sqlite.org/src/info/02e3c88fbf6abdcf
43
upstream_sqlite3: released (3.8.9)
44
lucid_sqlite3: ignored (reached end-of-life)
45
precise_sqlite3: not-affected (code not present)
46
precise/esm_sqlite3: not-affected (code not present)
47
trusty_sqlite3: not-affected (code not present)
48
utopic_sqlite3: not-affected (code not present)
49
vivid_sqlite3: released (3.8.7.4-1ubuntu0.1)
50
vivid/stable-phone-overlay_sqlite3: released (3.8.7.4-1ubuntu0.1)
51
vivid/ubuntu-core_sqlite3: released (3.8.7.4-1ubuntu0.1)
52
wily_sqlite3: not-affected (3.8.10.2-1)
53
xenial_sqlite3: not-affected (3.8.10.2-1)
54
yakkety_sqlite3: not-affected (3.8.10.2-1)
55
zesty_sqlite3: not-affected (3.8.10.2-1)
56
artful_sqlite3: not-affected (3.8.10.2-1)
57
bionic_sqlite3: not-affected (3.8.10.2-1)
58
devel_sqlite3: not-affected (3.8.10.2-1)