Description
The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.
Remediation
References
Related Vulnerabilities
Java Code Execution Vulnerability (CVE-2018-3211)
PostgreSQL CVE-2023-5870 Vulnerability (CVE-2023-5870)
WordPress Plugin M-vSlider SQL Injection (2.1.3)
WordPress Plugin Vitamin Multiple Arbitrary File Disclosure Vulnerabilities (1.0.0)
Python Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-1015)