CVE-2015-3415 in Apple iTunesinfo

Summary

The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservation

04/24/2015

Disclosure

04/24/2015

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilityCWEExpCouCVE
99027Apple iTunes SQLite input validation20Not definedOfficial fixCVE-2015-3415
78123Apple Watch SQLite input validation20Not definedOfficial fixCVE-2015-3415
75131SQLite vdbe.c sqlite3VdbeExec input validation20Not definedOfficial fixCVE-2015-3415

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

PreviousOverviewNext

Interested in the pricing of exploits?

See the underground prices here!