Search for vulnerabilities
Vulnerability details: VCID-u7s4-9n1z-aaae
Vulnerability ID VCID-u7s4-9n1z-aaae
Aliases CVE-2015-3415
Summary The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.
Status Published
Exploitability 0.5
Weighted Severity 7.0
Risk 3.5
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-404 Improper Resource Shutdown or Release
System Score Found at
generic_textual Low http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-3415.html
rhas Moderate https://access.redhat.com/errata/RHSA-2015:1635
epss 0.00485 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.00485 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.00485 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.00485 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.00506 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.00506 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.00506 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.00716 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.00716 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.00716 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.00716 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.00716 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.00716 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.00716 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.00716 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.00716 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.07077 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
epss 0.21835 https://api.first.org/data/v1/epss?cve=CVE-2015-3415
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1212356
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3414
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3415
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3416
generic_textual Low http://seclists.org/bugtraq/2015/Apr/97
generic_textual Low http://seclists.org/fulldisclosure/2015/Apr/31
cvssv3.1 6.7 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2015-3415
generic_textual Low https://ubuntu.com/security/notices/USN-2698-1
cvssv3.1 9.8 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
generic_textual CRITICAL http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
cvssv3.1 8.8 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
generic_textual HIGH http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Reference id Reference type URL
http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-3415.html
http://rhn.redhat.com/errata/RHSA-2015-1635.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3415.json
https://api.first.org/data/v1/epss?cve=CVE-2015-3415
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3414
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3415
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3416
http://seclists.org/bugtraq/2015/Apr/97
http://seclists.org/fulldisclosure/2015/Apr/31
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://security.gentoo.org/glsa/201507-05
https://support.apple.com/HT205213
https://support.apple.com/HT205267
https://ubuntu.com/security/notices/USN-2698-1
https://www.sqlite.org/src/info/02e3c88fbf6abdcf3975fb0fb71972b0ab30da30
http://www.debian.org/security/2015/dsa-3252
http://www.mandriva.com/security/advisories?name=MDVSA-2015:217
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securityfocus.com/bid/74228
http://www.securitytracker.com/id/1033703
http://www.ubuntu.com/usn/USN-2698-1
1212356 https://bugzilla.redhat.com/show_bug.cgi?id=1212356
783968 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783968
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.10.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.10.5:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:1.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos:1.0.1:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
CVE-2015-3415 https://nvd.nist.gov/vuln/detail/CVE-2015-3415
RHSA-2015:1635 https://access.redhat.com/errata/RHSA-2015:1635
USN-2698-1 https://usn.ubuntu.com/2698-1/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2015-3415
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.75693
EPSS Score 0.00485
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.