Description

The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.

Remediation

References

CVE-2015-3416

Related Vulnerabilities

WordPress Plugin Sticky Menu, Sticky Header (or anything!) on Scroll Cross-Site Request Forgery (2.2)

MathJax Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-1999024)

WordPress Plugin User Photo 'user-photo.php' Arbitrary File Upload (0.9.4)

Oracle Database Server CVE-2008-2611 Vulnerability (CVE-2008-2611)

Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-16893)

Severity

High

Classification

CVE-2015-3416 CWE-190

Tags

Missing Update Known Vulnerabilities