Description

SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.

Remediation

References

CVE-2015-3414

Related Vulnerabilities

Jboss EAP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-10219)

ownCloud Improper Authentication Vulnerability (CVE-2014-2047)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-4956)

WebLogic CVE-2022-21347 Vulnerability (CVE-2022-21347)

WordPress Plugin JW Player for Flash & HTML5 Video Cross-Site Request Forgery (2.1.3)

Severity

High

Classification

CVE-2015-3414 CWE-908

Tags

Missing Update Known Vulnerabilities