FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
dec3164f-3121-45ef-af18-bb113ac5082f	sqlite -- multiple vulnerabilities NVD reports: SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement. The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement. The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement. Discovery 2015-04-14 Entry 2015-04-18 Modified 2015-05-08 sqlite3 < 3.8.9 CVE-2015-3414 CVE-2015-3415 CVE-2015-3416 https://www.sqlite.org/src/info/eddc05e7bb31fae7 https://www.sqlite.org/src/info/02e3c88fbf6abdcf https://www.sqlite.org/src/info/c494171f77dc2e5e http://seclists.org/fulldisclosure/2015/Apr/31

VuXML ID

Description

dec3164f-3121-45ef-af18-bb113ac5082f

sqlite -- multiple vulnerabilities

NVD reports:

SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.

The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.

The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.

Discovery 2015-04-14
Entry 2015-04-18
Modified 2015-05-08
sqlite3

< 3.8.9

CVE-2015-3414
CVE-2015-3415
CVE-2015-3416
https://www.sqlite.org/src/info/eddc05e7bb31fae7
https://www.sqlite.org/src/info/02e3c88fbf6abdcf
https://www.sqlite.org/src/info/c494171f77dc2e5e
http://seclists.org/fulldisclosure/2015/Apr/31