PublicDateAtUSN: 2015-04-24
Candidate: CVE-2015-3415
PublicDate: 2015-04-24 17:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3415
 http://seclists.org/bugtraq/2015/Apr/97
 http://seclists.org/fulldisclosure/2015/Apr/31
 https://ubuntu.com/security/notices/USN-2698-1
Description:
 The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not
 properly implement comparison operators, which allows context-dependent
 attackers to cause a denial of service (invalid free operation) or possibly
 have unspecified other impact via a crafted CHECK clause, as demonstrated
 by CHECK(0&O>O) in a CREATE TABLE statement.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783968
Priority: low
Discovered-by: Michal Zalewski
Assigned-to: mdeslaur
CVSS:

Patches_sqlite:
upstream_sqlite: not-affected (code not present)
lucid_sqlite: ignored (reached end-of-life)
precise_sqlite: ignored (reached end-of-life)
precise/esm_sqlite: DNE (precise was needs-triage)
trusty_sqlite: not-affected (code not present)
trusty/esm_sqlite: not-affected (code not present)
utopic_sqlite: ignored (reached end-of-life)
vivid_sqlite: ignored (reached end-of-life)
vivid/stable-phone-overlay_sqlite: DNE
vivid/ubuntu-core_sqlite: DNE
wily_sqlite: ignored (reached end-of-life)
xenial_sqlite: not-affected (code not present)
yakkety_sqlite: ignored (reached end-of-life)
zesty_sqlite: ignored (reached end-of-life)
artful_sqlite: ignored (reached end-of-life)
bionic_sqlite: not-affected (code not present)
cosmic_sqlite: not-affected (code not present)
devel_sqlite: not-affected (code not present)

Patches_sqlite3:
 upstream: https://www.sqlite.org/src/info/02e3c88fbf6abdcf
upstream_sqlite3: released (3.8.9)
lucid_sqlite3: ignored (reached end-of-life)
precise_sqlite3: not-affected (code not present)
precise/esm_sqlite3: not-affected (code not present)
trusty_sqlite3: not-affected (code not present)
trusty/esm_sqlite3: not-affected (code not present)
utopic_sqlite3: not-affected (code not present)
vivid_sqlite3: released (3.8.7.4-1ubuntu0.1)
vivid/stable-phone-overlay_sqlite3: released (3.8.7.4-1ubuntu0.1)
vivid/ubuntu-core_sqlite3: released (3.8.7.4-1ubuntu0.1)
wily_sqlite3: not-affected (3.8.10.2-1)
xenial_sqlite3: not-affected (3.8.10.2-1)
esm-infra/xenial_sqlite3: not-affected (3.8.10.2-1)
yakkety_sqlite3: not-affected (3.8.10.2-1)
zesty_sqlite3: not-affected (3.8.10.2-1)
artful_sqlite3: not-affected (3.8.10.2-1)
bionic_sqlite3: not-affected (3.8.10.2-1)
cosmic_sqlite3: not-affected (3.8.10.2-1)
devel_sqlite3: not-affected (3.8.10.2-1)