Vulnerability details: VCID-4xtb-q5wy-aaak
Vulnerability ID VCID-4xtb-q5wy-aaak
Aliases CVE-2015-3416
Summary The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.
Status Published
Exploitability 0.5
Weighted Severity 7.0
Risk 3.5
System Score Found at
generic_textual Low http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-3416.html
rhas Moderate https://access.redhat.com/errata/RHSA-2015:1634
rhas Moderate https://access.redhat.com/errata/RHSA-2015:1635
epss 0.00392 https://api.first.org/data/v1/epss?cve=CVE-2015-3416
epss 0.00448 https://api.first.org/data/v1/epss?cve=CVE-2015-3416
epss 0.00451 https://api.first.org/data/v1/epss?cve=CVE-2015-3416
epss 0.05572 https://api.first.org/data/v1/epss?cve=CVE-2015-3416
epss 0.05725 https://api.first.org/data/v1/epss?cve=CVE-2015-3416
epss 0.14371 https://api.first.org/data/v1/epss?cve=CVE-2015-3416
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1212357
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3414
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3415
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3416
generic_textual Low http://seclists.org/fulldisclosure/2015/Apr/31
cvssv3.1 6.7 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2015-3416
generic_textual Low https://ubuntu.com/security/notices/USN-2698-1
generic_textual Low https://usn.ubuntu.com/usn/usn-2698-1
cvssv3.1 9.8 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
generic_textual CRITICAL http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
cvssv3.1 8.8 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
generic_textual HIGH http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Reference id Reference type URL
http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-3416.html
http://rhn.redhat.com/errata/RHSA-2015-1634.html
http://rhn.redhat.com/errata/RHSA-2015-1635.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3416.json
https://api.first.org/data/v1/epss?cve=CVE-2015-3416
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3414
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3415
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3416
http://seclists.org/fulldisclosure/2015/Apr/31
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://security.gentoo.org/glsa/201507-05
https://support.apple.com/HT205213
https://support.apple.com/HT205267
https://ubuntu.com/security/notices/USN-2698-1
https://usn.ubuntu.com/usn/usn-2698-1
http://www.debian.org/security/2015/dsa-3252
http://www.mandriva.com/security/advisories?name=MDVSA-2015:217
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securityfocus.com/bid/74228
http://www.securitytracker.com/id/1033703
http://www.sqlite.org/src/info/c494171f77dc2e5e04cb6d865e688448f04e5920
http://www.ubuntu.com/usn/USN-2698-1
1212357 https://bugzilla.redhat.com/show_bug.cgi?id=1212357
783968 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783968
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
CVE-2015-3416 https://nvd.nist.gov/vuln/detail/CVE-2015-3416
RHSA-2015:1634 https://access.redhat.com/errata/RHSA-2015:1634
RHSA-2015:1635 https://access.redhat.com/errata/RHSA-2015:1635
USN-2698-1 https://usn.ubuntu.com/2698-1/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2015-3416
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Exploit Prediction Scoring System (EPSS)
Percentile 0.74164
EPSS Score 0.00392
Published At Dec. 11, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.