ID

VAR-201504-0479


CVE

CVE-2015-3416


TITLE

SQLite Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-201504-506

DESCRIPTION

The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement. SQLite is prone to the following vulnerabilities: 1. A stack-based buffer-overflow vulnerability 2. An arbitrary code-execution vulnerability 3. A memory-corruption vulnerability 4. Multiple denial-of-service vulnerabilities An attacker can exploit these issues to execute arbitrary code in the context of the affected application or cause denial-of-service conditions. SQLite versions prior to 3.8.9 are vulnerable. SQLite is an open source embedded relational database management system based on C language developed by American software developer D.Richard Hipp. The system has the characteristics of independence, isolation, and cross-platform. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201507-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: SQLite: Multiple vulnerabilities Date: July 07, 2015 Bugs: #546626 ID: 201507-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in SQLite, allowing context-dependent attackers to cause a Denial of Service condition. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-db/sqlite < 3.8.9 >= 3.8.9 Description =========== Multiple vulnerabilities have been discovered in SQLite. Please review the CVE identifiers referenced below for details. Impact ====== A context-dependent attacker could possibly cause a Denial of Service condition. Workaround ========== There is no known workaround at this time. Resolution ========== All SQLite users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-db/sqlite-3.8.9" References ========== [ 1 ] CVE-2015-3414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3414 [ 2 ] CVE-2015-3415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3415 [ 3 ] CVE-2015-3416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3416 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201507-05 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: sqlite security update Advisory ID: RHSA-2015:1635-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1635.html Issue date: 2015-08-17 CVE Names: CVE-2015-3414 CVE-2015-3415 CVE-2015-3416 ===================================================================== 1. Summary: An updated sqlite package that fixes three security issues is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64 3. Description: SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server. A flaw was found in the way SQLite handled dequoting of collation-sequence names. A local attacker could submit a specially crafted COLLATE statement that would crash the SQLite process, or have other unspecified impacts. (CVE-2015-3414) It was found that SQLite's sqlite3VdbeExec() function did not properly implement comparison operators. A local attacker could submit a specially crafted CHECK statement that would crash the SQLite process, or have other unspecified impacts. A local attacker could submit a specially crafted SELECT statement that would crash the SQLite process, or have other unspecified impacts. (CVE-2015-3416) All sqlite users are advised to upgrade to this updated package, which contains backported patches to correct these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1212353 - CVE-2015-3414 sqlite: use of uninitialized memory when parsing collation sequences in src/where.c 1212356 - CVE-2015-3415 sqlite: invalid free() in src/vdbe.c 1212357 - CVE-2015-3416 sqlite: stack buffer overflow in src/printf.c 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: sqlite-3.7.17-6.el7_1.1.src.rpm x86_64: sqlite-3.7.17-6.el7_1.1.i686.rpm sqlite-3.7.17-6.el7_1.1.x86_64.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.i686.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): noarch: sqlite-doc-3.7.17-6.el7_1.1.noarch.rpm x86_64: lemon-3.7.17-6.el7_1.1.x86_64.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.i686.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.x86_64.rpm sqlite-devel-3.7.17-6.el7_1.1.i686.rpm sqlite-devel-3.7.17-6.el7_1.1.x86_64.rpm sqlite-tcl-3.7.17-6.el7_1.1.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: sqlite-3.7.17-6.el7_1.1.src.rpm x86_64: sqlite-3.7.17-6.el7_1.1.i686.rpm sqlite-3.7.17-6.el7_1.1.x86_64.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.i686.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): noarch: sqlite-doc-3.7.17-6.el7_1.1.noarch.rpm x86_64: lemon-3.7.17-6.el7_1.1.x86_64.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.i686.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.x86_64.rpm sqlite-devel-3.7.17-6.el7_1.1.i686.rpm sqlite-devel-3.7.17-6.el7_1.1.x86_64.rpm sqlite-tcl-3.7.17-6.el7_1.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: sqlite-3.7.17-6.el7_1.1.src.rpm ppc64: sqlite-3.7.17-6.el7_1.1.ppc.rpm sqlite-3.7.17-6.el7_1.1.ppc64.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.ppc.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.ppc64.rpm sqlite-devel-3.7.17-6.el7_1.1.ppc.rpm sqlite-devel-3.7.17-6.el7_1.1.ppc64.rpm s390x: sqlite-3.7.17-6.el7_1.1.s390.rpm sqlite-3.7.17-6.el7_1.1.s390x.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.s390.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.s390x.rpm sqlite-devel-3.7.17-6.el7_1.1.s390.rpm sqlite-devel-3.7.17-6.el7_1.1.s390x.rpm x86_64: sqlite-3.7.17-6.el7_1.1.i686.rpm sqlite-3.7.17-6.el7_1.1.x86_64.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.i686.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.x86_64.rpm sqlite-devel-3.7.17-6.el7_1.1.i686.rpm sqlite-devel-3.7.17-6.el7_1.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: sqlite-3.7.17-6.ael7b_1.1.src.rpm ppc64le: sqlite-3.7.17-6.ael7b_1.1.ppc64le.rpm sqlite-debuginfo-3.7.17-6.ael7b_1.1.ppc64le.rpm sqlite-devel-3.7.17-6.ael7b_1.1.ppc64le.rpm Red Hat Enterprise Linux Server Optional (v. 7): noarch: sqlite-doc-3.7.17-6.el7_1.1.noarch.rpm ppc64: lemon-3.7.17-6.el7_1.1.ppc64.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.ppc64.rpm sqlite-tcl-3.7.17-6.el7_1.1.ppc64.rpm s390x: lemon-3.7.17-6.el7_1.1.s390x.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.s390x.rpm sqlite-tcl-3.7.17-6.el7_1.1.s390x.rpm x86_64: lemon-3.7.17-6.el7_1.1.x86_64.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.x86_64.rpm sqlite-tcl-3.7.17-6.el7_1.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): noarch: sqlite-doc-3.7.17-6.ael7b_1.1.noarch.rpm ppc64le: lemon-3.7.17-6.ael7b_1.1.ppc64le.rpm sqlite-debuginfo-3.7.17-6.ael7b_1.1.ppc64le.rpm sqlite-tcl-3.7.17-6.ael7b_1.1.ppc64le.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: sqlite-3.7.17-6.el7_1.1.src.rpm x86_64: sqlite-3.7.17-6.el7_1.1.i686.rpm sqlite-3.7.17-6.el7_1.1.x86_64.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.i686.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.x86_64.rpm sqlite-devel-3.7.17-6.el7_1.1.i686.rpm sqlite-devel-3.7.17-6.el7_1.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): noarch: sqlite-doc-3.7.17-6.el7_1.1.noarch.rpm x86_64: lemon-3.7.17-6.el7_1.1.x86_64.rpm sqlite-debuginfo-3.7.17-6.el7_1.1.x86_64.rpm sqlite-tcl-3.7.17-6.el7_1.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-3414 https://access.redhat.com/security/cve/CVE-2015-3415 https://access.redhat.com/security/cve/CVE-2015-3416 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFV0c4vXlSAg2UNWIIRAk8jAJ9ya3aROVTX8RDQ+RlCcls0ddR6CACfaeH9 Q91hN45yeXgVnmom/HYSQRU= =814S -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . For the stable distribution (jessie), these problems have been fixed in version 3.8.7.1-1+deb8u1. For the testing distribution (stretch), these problems have been fixed in version 3.8.9-1. For the unstable distribution (sid), these problems have been fixed in version 3.8.9-1. We recommend that you upgrade your sqlite3 packages. The updated packages provides a solution for these security issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3414 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3415 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3416 https://bugzilla.redhat.com/show_bug.cgi?id=1212353 https://bugzilla.redhat.com/show_bug.cgi?id=1212356 https://bugzilla.redhat.com/show_bug.cgi?id=1212357 _______________________________________________________________________ Updated Packages: Mandriva Business Server 1/X86_64: adb7e2731d814af7948c8a65662e7c71 mbs1/x86_64/lemon-3.8.9-1.mbs1.x86_64.rpm 8c9620460c62d0f7d07bd5fee68ac038 mbs1/x86_64/lib64sqlite3_0-3.8.9-1.mbs1.x86_64.rpm f060fd3ca68302f59e47e9bc1b336d4b mbs1/x86_64/lib64sqlite3-devel-3.8.9-1.mbs1.x86_64.rpm 0fdd2e8a7456b51773b2a131534b9867 mbs1/x86_64/lib64sqlite3-static-devel-3.8.9-1.mbs1.x86_64.rpm 14682c0d09a3dc73f4405ee136c6115d mbs1/x86_64/sqlite3-tcl-3.8.9-1.mbs1.x86_64.rpm c2fc81b9162865ecdcef85aaa805507f mbs1/x86_64/sqlite3-tools-3.8.9-1.mbs1.x86_64.rpm 474e6b9bc6a7299f8ab34a90893bbd96 mbs1/SRPMS/sqlite3-3.8.9-1.mbs1.src.rpm Mandriva Business Server 2/X86_64: 44c4a002a3480388751603981327a21d mbs2/x86_64/lemon-3.8.9-1.mbs2.x86_64.rpm 9d2ded51447e5f133c37257635ef4f22 mbs2/x86_64/lib64sqlite3_0-3.8.9-1.mbs2.x86_64.rpm 42c8fce0126487fa0a72b4f5f1b5e852 mbs2/x86_64/lib64sqlite3-devel-3.8.9-1.mbs2.x86_64.rpm a93c0f348006f6675779bf7cd5c9f547 mbs2/x86_64/lib64sqlite3-static-devel-3.8.9-1.mbs2.x86_64.rpm 792f42a7a38d7947e7b5d0ea67510de2 mbs2/x86_64/sqlite3-tcl-3.8.9-1.mbs2.x86_64.rpm 947e30fcb8c4f19b1398d6e29adc29ac mbs2/x86_64/sqlite3-tools-3.8.9-1.mbs2.x86_64.rpm 150cb2acc870d5ca8a343f21edef4248 mbs2/SRPMS/sqlite3-3.8.9-1.mbs2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-03-28-2 Additional information for APPLE-SA-2017-03-22-1 iTunes for Windows 12.6 iTunes for Windows 12.6 addresses the following: APNs Server Available for: Windows 7 and later Impact: An attacker in a privileged network position can track a user's activity Description: A client certificate was sent in plaintext. This issue was addressed through improved certificate handling. CVE-2017-2383: Matthias Wachs and Quirin Scheitle of Technical University Munich (TUM) Entry added March 28, 2017 iTunes Available for: Windows 7 and later Impact: Multiple issues in SQLite Description: Multiple issues existed in SQLite. These issues were addressed by updating SQLite to version 3.15.2. CVE-2013-7443 CVE-2015-3414 CVE-2015-3415 CVE-2015-3416 CVE-2015-3717 CVE-2015-6607 CVE-2016-6153 iTunes Available for: Windows 7 and later Impact: Multiple issues in expat Description: Multiple issues existed in expat. These issues were addressed by updating expat to version 2.2.0. CVE-2009-3270 CVE-2009-3560 CVE-2009-3720 CVE-2012-1147 CVE-2012-1148 CVE-2012-6702 CVE-2015-1283 CVE-2016-0718 CVE-2016-4472 CVE-2016-5300 libxslt Available for: Windows 7 and later Impact: Multiple vulnerabilities in libxslt Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2017-5029: Holger Fuhrmannek Entry added March 28, 2017 WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2017-2463: Kai Kang (4B5F5F4B) of Tencent's Xuanwu Lab (tencent.com) working with Trend Micro's Zero Day Initiative Entry added March 28, 2017 WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may exfiltrate data cross-origin Description: A validation issue existed in element handling. This issue was addressed through improved validation. CVE-2017-2479: lokihardt of Google Project Zero CVE-2017-2480: lokihardt of Google Project Zero Entry added March 28, 2017 Installation note: iTunes for Windows 12.6 may be obtained from: https://www.apple.com/itunes/download/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCgAGBQJY2sl6AAoJEIOj74w0bLRGEMAQAJjPU9+iTIEs0o4EfazvmkXj /zLRgzdfr1kp9Iu90U/ZxgnAO3ZUqEF/6FWy6dN3zSA7AlP7q+zFlxXqbkoJB+eX sE+vGilHWZ8p2Qud9EikwDKCvLNn/4xYQ9Nm0jCwA14VBS1dBlOrFUlsnM9EoS9/ YKks/NSYV9jtLgKvc42SeTks62tLL5ZQGMKv+Gg0HH2Yeug2eAHGb+u5vYCHTcER AMTKKQtr57IJyz2tg7YZGWvbKIS2690CpIyZGxpbUCKv+dNdEPsDTNHjjpzwMBtc diSIIX8AC6T0nWbrOFtWqhhFyWk6rZAWb8RvDYYd/a6ro7hxYq8xZATBS2BJFskp esMHBuFYgDwIeJiGaCW07UyJzyzDck7pesJeq7gqF+O5Fl6bdHN4b8rNmVtBvDom g7tkwSE9+ZmiPUMJGF2NUWNb4+yY0OPm3Uq2kvoyXl5KGmEaFMoDnPzKIdPmE+b+ lJZUYgQSXlO6B7uz+MBx2ntH1uhIrAdKhFiePYj/lujNB3lTij5zpCOLyivdEXZw iJHX211+FpS8VV1/dHOjgbYnvnw4wofbPN63dkYvwgwwWy7VISThXQuMqtDW/wOE 9h0me2NkZRxQ845p4MaLPqZQFi1WcU4/PbcBBb0CvBwlnonYP/YRnyQrNWx+36Fo VkUmhXDNi0csm+QTi7ZP =hPjT -----END PGP SIGNATURE----- . Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/php-5.4.43-i486-1_slack14.1.txz: Upgraded. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2325 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2326 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3152 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3414 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3415 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3416 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4642 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4643 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4644 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.43-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.43-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.43-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.43-x86_64-1_slack14.1.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.11-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.11-x86_64-1.txz MD5 signatures: +-------------+ Slackware 14.0 package: f34f96584f242735830b866d3daf7cef php-5.4.43-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 8271dca3b5409ce7b73d30628aa0ace4 php-5.4.43-x86_64-1_slack14.0.txz Slackware 14.1 package: 6eb81ab4a6f09e4a8b4d4d5e7cbbda57 php-5.4.43-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 3a4a3f2d94af2fafb2a624d4c83c9ca3 php-5.4.43-x86_64-1_slack14.1.txz Slackware -current package: 020ea5fa030e4970859f79c598a1e9b5 n/php-5.6.11-i586-1.txz Slackware x86_64 -current package: 681ed93dadf75420ca2ee5d03b369da0 n/php-5.6.11-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg php-5.4.43-i486-1_slack14.1.txz Then, restart Apache httpd: # /etc/rc.d/rc.httpd stop # /etc/rc.d/rc.httpd start +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address

Trust: 1.89

sources: NVD: CVE-2015-3416 // BID: 74228 // VULHUB: VHN-81377 // VULMON: CVE-2015-3416 // PACKETSTORM: 132556 // PACKETSTORM: 133098 // PACKETSTORM: 131788 // PACKETSTORM: 131696 // PACKETSTORM: 141937 // PACKETSTORM: 132742

AFFECTED PRODUCTS

vendor:canonicalmodel:ubuntu linuxscope:eqversion:14.04

Trust: 1.6

vendor:canonicalmodel:ubuntu linuxscope:eqversion:12.04

Trust: 1.6

vendor:canonicalmodel:ubuntu linuxscope:eqversion:15.04

Trust: 1.6

vendor:phpmodel:phpscope:ltversion:5.5.26

Trust: 1.0

vendor:applemodel:mac os xscope:lteversion:10.6.8

Trust: 1.0

vendor:sqlitemodel:sqlitescope:lteversion:3.8.8.3

Trust: 1.0

vendor:phpmodel:phpscope:gteversion:5.4.0

Trust: 1.0

vendor:applemodel:watchosscope:lteversion:1.0.1

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.0

vendor:phpmodel:phpscope:gteversion:5.6.0

Trust: 1.0

vendor:phpmodel:phpscope:ltversion:5.4.42

Trust: 1.0

vendor:phpmodel:phpscope:gteversion:5.5.0

Trust: 1.0

vendor:phpmodel:phpscope:ltversion:5.6.10

Trust: 1.0

vendor:slackwaremodel:linuxscope:eqversion:14.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:30

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2.0.3

Trust: 0.3

vendor:ibmmodel:security access managerscope:eqversion:9.0.0.1

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc node optionalscope:eqversion:6

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:7.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:8.02

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.9.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:2.3.0

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:6

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:8.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:redhatmodel:enterprise linux server optionalscope:eqversion:6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.10

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:7

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.4.0.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.10.3

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2.0.1

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:8.0.0.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.9.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.9

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:3.1.0.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:redhatmodel:enterprise linux workstationscope:eqversion:6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.2

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:8.0.1.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.4

Trust: 0.3

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0.0.0

Trust: 0.3

vendor:redhatmodel:enterprise linux desktopscope:eqversion:7

Trust: 0.3

vendor:redhatmodel:enterprise linux workstationscope:eqversion:7

Trust: 0.3

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0.0.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.10.1

Trust: 0.3

vendor:sqlitemodel:sqlitescope:eqversion:3.5.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.3.0.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8.4

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:8.0.1.1

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:iosscope:neversion:9

Trust: 0.3

vendor:redhatmodel:enterprise linux workstation optionalscope:eqversion:6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8.1

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:6.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.9.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:40

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:14.1

Trust: 0.3

vendor:sqlitemodel:sqlitescope:eqversion:3.8.8

Trust: 0.3

vendor:sqlitemodel:sqlitescope:eqversion:3.6.20

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.3

Trust: 0.3

vendor:oraclemodel:solarisscope:eqversion:10

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:slackwaremodel:linux -currentscope: - version: -

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1.1

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:sqlitemodel:sqlitescope:eqversion:3.8.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1

Trust: 0.3

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0.0.1

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:8.0.0.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1

Trust: 0.3

vendor:ibmmodel:security access managerscope:eqversion:9.0

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1.0.3

Trust: 0.3

vendor:oraclemodel:solarisscope:eqversion:11.3

Trust: 0.3

vendor:centosmodel:centosscope:eqversion:6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.9.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.4.1

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2.0.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.3.1

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop optionalscope:eqversion:6

Trust: 0.3

vendor:centosmodel:centosscope:eqversion:7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:50

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.10.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1.2

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:7

Trust: 0.3

vendor:ubuntumodel:linux ltsscope:eqversion:14.04

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.4

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:12.04

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc nodescope:eqversion:6

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:6.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.10.2

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:2.44

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:8.0.1.3

Trust: 0.3

vendor:ibmmodel:security guardiumscope:eqversion:10.0

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1.0.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:2.4.0

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:12.04

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:2.34

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.2.0.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.5

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.1

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2.0.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.3

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:sqlitemodel:sqlitescope:neversion:3.8.9

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:2.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8.3

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:14.1

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:6.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:14.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.9.2

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:3.2.0.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.1

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.2

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:8.03

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.11

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1.0.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc nodescope:eqversion:7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1

Trust: 0.3

vendor:redhatmodel:enterprise linux desktopscope:eqversion:6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:8.0.1.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:ubuntumodel:linuxscope:eqversion:15.04

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:slackwaremodel:linux x86 64 -currentscope: - version: -

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.10.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.1

Trust: 0.3

sources: BID: 74228 // CNNVD: CNNVD-201504-506 // NVD: CVE-2015-3416

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-3416
value: HIGH

Trust: 1.0

CNNVD: CNNVD-201504-506
value: HIGH

Trust: 0.6

VULHUB: VHN-81377
value: HIGH

Trust: 0.1

VULMON: CVE-2015-3416
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-3416
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-81377
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-81377 // VULMON: CVE-2015-3416 // CNNVD: CNNVD-201504-506 // NVD: CVE-2015-3416

PROBLEMTYPE DATA

problemtype:CWE-190

Trust: 1.0

problemtype:CWE-119

Trust: 0.1

sources: VULHUB: VHN-81377 // NVD: CVE-2015-3416

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201504-506

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201504-506

PATCH

title:sqlite-autoconf-3080900url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55211

Trust: 0.6

title:sqlite-amalgamation-3080900url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55210

Trust: 0.6

title:Debian CVElist Bug Report Logs: sqlite3: CVE-2015-3414 CVE-2015-3415 CVE-2015-3416url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=f3b20c41a92070ec876bf6271a150223

Trust: 0.1

title:Ubuntu Security Notice: sqlite3 vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2698-1

Trust: 0.1

title:Red Hat: CVE-2015-3416url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2015-3416

Trust: 0.1

title:Debian Security Advisories: DSA-3252-1 sqlite3 -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=77154669f815221143233607dd8533ab

Trust: 0.1

title:Amazon Linux AMI: ALAS-2015-591url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2015-591

Trust: 0.1

title:Apple: iTunes 12.6url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=a68da1048a006f5980c613c06ab6fbb6

Trust: 0.1

title:Apple: iTunes 12.6 for Windowsurl:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=a2320462745411a5547ed48fe868a9a6

Trust: 0.1

title:Apple: OS X El Capitan v10.11url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=e88bab658248444f5dffc23fd95859e7

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2016url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=976a4da35d55283870dbb31b88a6c655

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - July 2018url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=5f8c525f1408011628af1792207b2099

Trust: 0.1

sources: VULMON: CVE-2015-3416 // CNNVD: CNNVD-201504-506

EXTERNAL IDS

db:NVDid:CVE-2015-3416

Trust: 2.7

db:BIDid:74228

Trust: 2.1

db:SECTRACKid:1033703

Trust: 1.8

db:CNNVDid:CNNVD-201504-506

Trust: 0.7

db:AUSCERTid:ESB-2020.3573.2

Trust: 0.6

db:AUSCERTid:ESB-2020.3573

Trust: 0.6

db:PACKETSTORMid:132293

Trust: 0.1

db:PACKETSTORMid:133097

Trust: 0.1

db:VULHUBid:VHN-81377

Trust: 0.1

db:VULMONid:CVE-2015-3416

Trust: 0.1

db:PACKETSTORMid:132556

Trust: 0.1

db:PACKETSTORMid:133098

Trust: 0.1

db:PACKETSTORMid:131788

Trust: 0.1

db:PACKETSTORMid:131696

Trust: 0.1

db:PACKETSTORMid:141937

Trust: 0.1

db:PACKETSTORMid:132742

Trust: 0.1

sources: VULHUB: VHN-81377 // VULMON: CVE-2015-3416 // BID: 74228 // PACKETSTORM: 132556 // PACKETSTORM: 133098 // PACKETSTORM: 131788 // PACKETSTORM: 131696 // PACKETSTORM: 141937 // PACKETSTORM: 132742 // CNNVD: CNNVD-201504-506 // NVD: CVE-2015-3416

REFERENCES

url:http://rhn.redhat.com/errata/rhsa-2015-1635.html

Trust: 2.2

url:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Trust: 2.1

url:https://security.gentoo.org/glsa/201507-05

Trust: 1.9

url:http://lists.apple.com/archives/security-announce/2015/sep/msg00005.html

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html

Trust: 1.8

url:http://www.securityfocus.com/bid/74228

Trust: 1.8

url:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Trust: 1.8

url:http://www.sqlite.org/src/info/c494171f77dc2e5e04cb6d865e688448f04e5920

Trust: 1.8

url:https://support.apple.com/ht205213

Trust: 1.8

url:https://support.apple.com/ht205267

Trust: 1.8

url:http://www.debian.org/security/2015/dsa-3252

Trust: 1.8

url:http://seclists.org/fulldisclosure/2015/apr/31

Trust: 1.8

url:http://www.mandriva.com/security/advisories?name=mdvsa-2015:217

Trust: 1.8

url:http://rhn.redhat.com/errata/rhsa-2015-1634.html

Trust: 1.8

url:http://www.securitytracker.com/id/1033703

Trust: 1.8

url:http://www.ubuntu.com/usn/usn-2698-1

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2015-3415

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2015-3416

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2015-3414

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3573.2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3573/

Trust: 0.6

url:https://www.sqlite.org/src/info/02e3c88fbf6abdcf

Trust: 0.3

url:https://www.sqlite.org/src/info/eddc05e7bb31fae7

Trust: 0.3

url:http://www.sqlite.org/src/info/0cdf502885ea7e58

Trust: 0.3

url:http://www.sqlite.org/src/info/c494171f77dc2e5e

Trust: 0.3

url:http://www.sqlite.org/

Trust: 0.3

url:https://support.apple.com/en-us/ht205212

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1023457

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21981747

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21974989

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21981269

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21981270

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2015-3416

Trust: 0.2

url:http://www.debian.org/security/

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3414

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3415

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3416

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=39346

Trust: 0.1

url:https://usn.ubuntu.com/2698-1/

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3415

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3414

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3416

Trust: 0.1

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-3414

Trust: 0.1

url:https://bugzilla.redhat.com/):

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

url:https://access.redhat.com/articles/11258

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-3415

Trust: 0.1

url:https://access.redhat.com/security/team/contact/

Trust: 0.1

url:http://www.debian.org/security/faq

Trust: 0.1

url:https://bugzilla.redhat.com/show_bug.cgi?id=1212353

Trust: 0.1

url:https://bugzilla.redhat.com/show_bug.cgi?id=1212356

Trust: 0.1

url:http://www.mandriva.com/en/support/security/

Trust: 0.1

url:http://www.mandriva.com/en/support/security/advisories/

Trust: 0.1

url:https://bugzilla.redhat.com/show_bug.cgi?id=1212357

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-5300

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0718

Trust: 0.1

url:https://support.apple.com/kb/ht201222

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2480

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3720

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-6153

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-5029

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3270

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2479

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-6607

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3560

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1283

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3717

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-7443

Trust: 0.1

url:http://gpgtools.org

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2383

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-6702

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2463

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4472

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1148

Trust: 0.1

url:https://www.apple.com/itunes/download/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1147

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3152

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-2325

Trust: 0.1

url:http://slackware.com

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-4644

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4644

Trust: 0.1

url:http://slackware.com/gpg-key

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-4642

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3152

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-2326

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-4643

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2325

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4643

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4642

Trust: 0.1

url:http://osuosl.org)

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2326

Trust: 0.1

sources: VULHUB: VHN-81377 // VULMON: CVE-2015-3416 // BID: 74228 // PACKETSTORM: 132556 // PACKETSTORM: 133098 // PACKETSTORM: 131788 // PACKETSTORM: 131696 // PACKETSTORM: 141937 // PACKETSTORM: 132742 // CNNVD: CNNVD-201504-506 // NVD: CVE-2015-3416

CREDITS

Michal Zalewski

Trust: 0.3

sources: BID: 74228

SOURCES

db:VULHUBid:VHN-81377
db:VULMONid:CVE-2015-3416
db:BIDid:74228
db:PACKETSTORMid:132556
db:PACKETSTORMid:133098
db:PACKETSTORMid:131788
db:PACKETSTORMid:131696
db:PACKETSTORMid:141937
db:PACKETSTORMid:132742
db:CNNVDid:CNNVD-201504-506
db:NVDid:CVE-2015-3416

LAST UPDATE DATE

2024-11-23T21:26:39.569000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-81377date:2018-07-19T00:00:00
db:VULMONid:CVE-2015-3416date:2018-07-19T00:00:00
db:BIDid:74228date:2017-03-29T00:01:00
db:CNNVDid:CNNVD-201504-506date:2022-08-17T00:00:00
db:NVDid:CVE-2015-3416date:2024-11-21T02:29:23.137

SOURCES RELEASE DATE

db:VULHUBid:VHN-81377date:2015-04-24T00:00:00
db:VULMONid:CVE-2015-3416date:2015-04-24T00:00:00
db:BIDid:74228date:2015-03-19T00:00:00
db:PACKETSTORMid:132556date:2015-07-07T15:33:51
db:PACKETSTORMid:133098date:2015-08-17T15:41:06
db:PACKETSTORMid:131788date:2015-05-07T15:20:32
db:PACKETSTORMid:131696date:2015-04-30T15:46:33
db:PACKETSTORMid:141937date:2017-03-28T23:44:44
db:PACKETSTORMid:132742date:2015-07-20T15:45:28
db:CNNVDid:CNNVD-201504-506date:2015-04-27T00:00:00
db:NVDid:CVE-2015-3416date:2015-04-24T17:59:02.363