CVE-2015-3415 (retired)

Priority
Description
The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not
properly implement comparison operators, which allows context-dependent
attackers to cause a denial of service (invalid free operation) or possibly
have unspecified other impact via a crafted CHECK clause, as demonstrated
by CHECK(0&O>O) in a CREATE TABLE statement.
Assigned-to
mdeslaur
Package
Upstream:not-affected (code not present)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (code not present)
Ubuntu 19.04 (Disco Dingo):not-affected (code not present)
Package
Upstream:released (3.8.9)
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (3.8.10.2-1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (3.8.10.2-1)
Ubuntu 19.04 (Disco Dingo):not-affected (3.8.10.2-1)
Patches:
Upstream:https://www.sqlite.org/src/info/02e3c88fbf6abdcf
More Information

Updated: 2019-09-19 15:53:39 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)