Skip to main content

Sqlite CVE-2015-3414

HIGH
Use of Uninitialized Resource (CWE-908)
2015-04-24 cve@mitre.org
7.5
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:P/I:P/A:P
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
Apr 24, 2015 - 17:59 cve.org
HIGH 7.5

DescriptionCVE.org

SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.

AnalysisAI

SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Technical ContextAI

This vulnerability is classified as Use of Uninitialized Resource (CWE-908), which allows attackers to access uninitialized memory causing crashes or information disclosure. SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement. Affected products include: Sqlite, Apple Mac Os X, Apple Watchos, Debian Debian Linux, Canonical Ubuntu Linux. Version information: before 3.8.9.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Initialize all variables, use compiler warnings for uninitialized access, use memory-safe languages.

More in Sqlite

View all
CVE-2015-5895 CRITICAL POC
10.0 Sep 18

Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown impact and a

CVE-2017-10989 CRITICAL
9.8 Jul 07

The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles u

CVE-2025-6965 HIGH POC
7.2 Jul 15

Memory corruption in SQLite versions before 3.50.2 allows network-based attackers with low privileges to manipulate aggr

CVE-2019-5018 HIGH POC
8.1 May 10

An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. Rated high se

CVE-2018-20346 HIGH POC
8.1 Dec 21

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow)

CVE-2017-15286 HIGH POC
7.5 Oct 12

SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases wh

CVE-2022-35737 HIGH POC
7.5 Aug 03

SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a

CVE-2021-36690 HIGH POC
7.5 Aug 24

A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo functi

CVE-2020-13871 HIGH POC
7.5 Jun 06

SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions i

CVE-2020-11655 HIGH POC
7.5 Apr 09

SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function

CVE-2023-7104 HIGH POC
7.3 Dec 29

A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical.c of the component make alltest Hand

CVE-2022-46908 HIGH POC
7.3 Dec 12

SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the

Share

CVE-2015-3414 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy