GSD-2015-3416 — Vulnetix

GSD-2015-3416 PUBLISHED

The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a

Exploit Intelligence

poc for CVE-2015-1855 (github-poc)
A check for GHOST; cve-2015-0235 (github-poc)
sUbc0ol/CVE-2015-0235 (github-poc)
Script to test vulnarability for CVE-2015-0235 (github-poc)
CVE-2015-0235 (github-poc)
CVE-2015-0235 EXIM ESTMP GHOST Glibc Gethostbyname() DoS Exploit/PoC (github-poc)
A shared library wrapper with additional checks for vulnerable functions gethostbyname2_r gethostbyname_r (GHOST vulnerability) (github-poc)
glibc gethostbyname bug (github-poc)
Playbooks 'Fix for CVE-2015-0235(GHOST)' running on Ansible (github-poc)
cookbook for update glibc. CVE-2015-0235(GHOST) (github-poc)

…and 25 more exploits

Timeline

Apr 3, 2009 CVE Published
Sep 12, 2017 PoC Published
Mar 31, 2026 Distribution Patch
Mar 31, 2026 Distribution Patch
Mar 31, 2026 Security Advisory
Mar 31, 2026 Security Advisory

References

RHSA-2015:1634 vendor-advisory
RHSA-2015:1635 vendor-advisory
1033703 vdb
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html url
74228 vdb
APPLE-SA-2015-09-30-3 vendor-advisory
GLSA-201507-05 vendor-advisory
USN-2698-1 vendor-advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html url
http://www.sqlite.org/src/info/c494171f77dc2e5e04cb6d865e688448f04e5920 url
https://support.apple.com/HT205267 url
APPLE-SA-2015-09-21-1 vendor-advisory
MDVSA-2015:217 vendor-advisory
https://support.apple.com/HT205213 url
DSA-3252 vendor-advisory
20150414 several issues in SQLite (+ catching up on several other bugs) mailing-list

Open in Interactive Console →