Search for vulnerabilities
Vulnerability details: VCID-7q57-sqtb-aaam
Vulnerability ID VCID-7q57-sqtb-aaam
Aliases CVE-2015-3414
Summary SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.
Status Published
Exploitability 0.5
Weighted Severity 7.0
Risk 3.5
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-908 Use of Uninitialized Resource
CWE-456 Missing Initialization of a Variable
System Score Found at
generic_textual Low http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-3414.html
rhas Moderate https://access.redhat.com/errata/RHSA-2015:1635
epss 0.00506 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.00506 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.00506 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.00716 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.00716 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.00716 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.00716 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.00716 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.00716 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.00716 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.00716 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.00716 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.00973 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.00973 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.00973 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.00973 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
epss 0.21835 https://api.first.org/data/v1/epss?cve=CVE-2015-3414
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1212353
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3414
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3415
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3416
generic_textual Low http://seclists.org/fulldisclosure/2015/Apr/31
cvssv3.1 4.4 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2015-3414
generic_textual Low https://ubuntu.com/security/notices/USN-2698-1
cvssv3.1 9.8 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
generic_textual CRITICAL http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
cvssv3.1 8.8 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
generic_textual HIGH http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Reference id Reference type URL
http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-3414.html
http://rhn.redhat.com/errata/RHSA-2015-1635.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3414.json
https://api.first.org/data/v1/epss?cve=CVE-2015-3414
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3414
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3415
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3416
http://seclists.org/fulldisclosure/2015/Apr/31
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://security.gentoo.org/glsa/201507-05
https://support.apple.com/HT205213
https://support.apple.com/HT205267
https://ubuntu.com/security/notices/USN-2698-1
https://www.sqlite.org/src/info/eddc05e7bb31fae74daa86e0504a3478b99fa0f2
http://www.debian.org/security/2015/dsa-3252
http://www.mandriva.com/security/advisories?name=MDVSA-2015:217
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securityfocus.com/bid/74228
http://www.securitytracker.com/id/1033703
http://www.ubuntu.com/usn/USN-2698-1
1212353 https://bugzilla.redhat.com/show_bug.cgi?id=1212353
783968 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783968
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.10.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.10.5:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:1.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos:1.0.1:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
CVE-2015-3414 https://nvd.nist.gov/vuln/detail/CVE-2015-3414
RHSA-2015:1635 https://access.redhat.com/errata/RHSA-2015:1635
USN-2698-1 https://usn.ubuntu.com/2698-1/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2015-3414
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.77246
EPSS Score 0.00506
Published At Dec. 11, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.