FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68
These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
dec3164f-3121-45ef-af18-bb113ac5082f | sqlite -- multiple vulnerabilities
NVD reports:
SQLite before 3.8.9 does not properly implement the
dequoting of collation-sequence names, which allows
context-dependent attackers to cause a denial of service
(uninitialized memory access and application crash) or
possibly have unspecified other impact via a crafted
COLLATE clause, as demonstrated by COLLATE"""""""" at the
end of a SELECT statement.
The sqlite3VdbeExec function in vdbe.c in SQLite before
3.8.9 does not properly implement comparison operators,
which allows context-dependent attackers to cause a denial
of service (invalid free operation) or possibly have
unspecified other impact via a crafted CHECK clause, as
demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.
The sqlite3VXPrintf function in printf.c in SQLite before
3.8.9 does not properly handle precision and width values
during floating-point conversions, which allows
context-dependent attackers to cause a denial of service
(integer overflow and stack-based buffer overflow) or
possibly have unspecified other impact via large integers
in a crafted printf function call in a SELECT statement.
Discovery 2015-04-14 Entry 2015-04-18 Modified 2015-05-08 sqlite3
< 3.8.9
CVE-2015-3414
CVE-2015-3415
CVE-2015-3416
https://www.sqlite.org/src/info/eddc05e7bb31fae7
https://www.sqlite.org/src/info/02e3c88fbf6abdcf
https://www.sqlite.org/src/info/c494171f77dc2e5e
http://seclists.org/fulldisclosure/2015/Apr/31
|