CVE-2015-3415

Description

The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.

How to fix CVE-2015-3415

To remediate CVE-2015-3415, upgrade the affected package to a fixed version below.

• Debian/sqlite3—upgrade to 3.8.9-1 or later

Is CVE-2015-3415 being exploited?

Moderate — EPSS is 7.9%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, < 3.8.9-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2015-3415