CVE-2015-3414 (retired)

Priority
Description
SQLite before 3.8.9 does not properly implement the dequoting of
collation-sequence names, which allows context-dependent attackers to cause
a denial of service (uninitialized memory access and application crash) or
possibly have unspecified other impact via a crafted COLLATE clause, as
demonstrated by COLLATE"""""""" at the end of a SELECT statement.
Assigned-to
mdeslaur
Package
Upstream:not-affected
Patches:
Package
Upstream:released (3.8.9)
Patches:
Upstream:https://www.sqlite.org/src/info/eddc05e7bb31fae7
More Information

Updated: 2019-09-19 15:53:38 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)