Description

SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.

Remediation

References

CVE-2015-3414

Related Vulnerabilities

WordPress 5.3.x Multiple Vulnerabilities (5.3 - 5.3.6)

SharePoint CVE-2020-1443 Vulnerability (CVE-2020-1443)

WordPress Plugin MW WP Form Cross-Site Scripting (5.0.6)

WordPress Plugin Email posts to subscribers Multiple Vulnerabilities (2.0)

Drupal Core 9.1.x Cross-Site Scripting (9.1.0 - 9.1.13)

Severity

High

Classification

CVE-2015-3414 CWE-908

Tags

Missing Update Known Vulnerabilities