VDB
CNVD-2015-02749
CNVD-2015-02749
PUBLISHED
SQLite是美国软件开发者D.Richard Hipp所研发的一套基于C语言的开源嵌入式关系数据库管理系统。该系统具有独立性、隔离性、可跨平台等特点。 SQLite 3.8.9之前版本的vdbe.c文件中的‘sqlite3VdbeExec’函数存在安全漏洞,该漏洞源于程序未能正确实现比较运算符。攻击者可借助特制的CHECK子句利用该漏洞造成拒绝服务(无效的释放操作)。
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
Timeline
- Apr 3, 2009 CVE Published
- Sep 12, 2017 PoC Published
- Mar 31, 2026 Distribution Patch
- Mar 31, 2026 Distribution Patch
- Mar 31, 2026 Security Advisory
- Mar 31, 2026 Security Advisory
References
- RHSA-2015:1635 vendor-advisory
- 1033703 vdb
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html url
- 74228 vdb
- APPLE-SA-2015-09-30-3 vendor-advisory
- GLSA-201507-05 vendor-advisory
- USN-2698-1 vendor-advisory
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html url
- https://support.apple.com/HT205267 url
- APPLE-SA-2015-09-21-1 vendor-advisory
- https://www.sqlite.org/src/info/02e3c88fbf6abdcf3975fb0fb71972b0ab30da30 url
- MDVSA-2015:217 vendor-advisory
- https://support.apple.com/HT205213 url
- DSA-3252 vendor-advisory
- 20150414 several issues in SQLite (+ catching up on several other bugs) mailing-list