VDB
VAR-201504-0478
VAR-201504-0478
PUBLISHED
The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
Exploit Intelligence
- poc for CVE-2015-1855 (github-poc)
- A check for GHOST; cve-2015-0235 (github-poc)
- sUbc0ol/CVE-2015-0235 (github-poc)
- Script to test vulnarability for CVE-2015-0235 (github-poc)
- CVE-2015-0235 (github-poc)
- CVE-2015-0235 EXIM ESTMP GHOST Glibc Gethostbyname() DoS Exploit/PoC (github-poc)
- A shared library wrapper with additional checks for vulnerable functions gethostbyname2_r gethostbyname_r (GHOST vulnerability) (github-poc)
- glibc gethostbyname bug (github-poc)
- Playbooks 'Fix for CVE-2015-0235(GHOST)' running on Ansible (github-poc)
- cookbook for update glibc. CVE-2015-0235(GHOST) (github-poc)
…and 24 more exploits
Timeline
- Apr 3, 2009 CVE Published
- Sep 12, 2017 PoC Published
- Mar 31, 2026 Distribution Patch
- Mar 31, 2026 Distribution Patch
- Mar 31, 2026 Security Advisory
- Mar 31, 2026 Security Advisory
References
- RHSA-2015:1635 vendor-advisory
- 1033703 vdb
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html url
- 74228 vdb
- APPLE-SA-2015-09-30-3 vendor-advisory
- GLSA-201507-05 vendor-advisory
- USN-2698-1 vendor-advisory
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html url
- https://support.apple.com/HT205267 url
- APPLE-SA-2015-09-21-1 vendor-advisory
- https://www.sqlite.org/src/info/02e3c88fbf6abdcf3975fb0fb71972b0ab30da30 url
- MDVSA-2015:217 vendor-advisory
- https://support.apple.com/HT205213 url
- DSA-3252 vendor-advisory
- 20150414 several issues in SQLite (+ catching up on several other bugs) mailing-list