Description
The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.
Remediation
References
Related Vulnerabilities
WordPress Plugin Tickera-WordPress Event Ticketing Cross-Site Request Forgery (3.4.9.9)
Apache Tomcat Improper Access Control Vulnerability (CVE-2016-8735)
WordPress Plugin Intuitive Custom Post Order Multiple Vulnerabilities (3.1.3)
MySQL CVE-2023-21887 Vulnerability (CVE-2023-21887)
MediaWiki URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-10959)