GSD-2015-3416 — Vulnetix

Try Vulnetix Request Demo

GSD-2015-3416 PUBLISHED

The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a

Timeline

Apr 3, 2009 CVE Published
Sep 12, 2017 PoC Published
Mar 31, 2026 Distribution Patch
Mar 31, 2026 Distribution Patch
Mar 31, 2026 Security Advisory
Mar 31, 2026 Security Advisory

References

RHSA-2015:1634 vendor-advisory
RHSA-2015:1635 vendor-advisory
1033703 vdb
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html url
74228 vdb
APPLE-SA-2015-09-30-3 vendor-advisory
GLSA-201507-05 vendor-advisory
USN-2698-1 vendor-advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html url
http://www.sqlite.org/src/info/c494171f77dc2e5e04cb6d865e688448f04e5920 url
https://support.apple.com/HT205267 url
APPLE-SA-2015-09-21-1 vendor-advisory
MDVSA-2015:217 vendor-advisory
https://support.apple.com/HT205213 url
DSA-3252 vendor-advisory
20150414 several issues in SQLite (+ catching up on several other bugs) mailing-list

Open in Interactive Console →