CVE-2015-3416
sqlite3 - security update
EPSS 6.9%
Description
The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.
How to fix CVE-2015-3416
To remediate CVE-2015-3416, upgrade the affected package to a fixed version below.
- Debian/sqlite3—upgrade to 3.8.9-1 or later
- —upgrade to 3.7.13-1+deb7u2 or later
Is CVE-2015-3416 being exploited?
Moderate — EPSS is 6.9%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 3.8.9-1
- from 0, < 3.7.13-1+deb7u2