Chromium: Vulnerability reported in sqlite
Issue description

Automated analysis has detected that the following third party packages have had vulnerabilities publicly reported.

NOTE: There may be several bugs listed below - in almost all cases, all bugs can be quickly addressed by upgrading to the latest version of the package.

Package Name: sqlite
Package Version: [cpe:/a:sqlite:sqlite:3.7.6.3]
Advisory: CVE-2015-3717
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2015-3717
CVSS severity score: 7.5/10.0
Confidence: high
Description: Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
Sep 24 2017
Sep 27 2017
Looks like a false positive.
Sep 27 2017
Information is scarce on CVE-2015-3717, but a thread on sqlite-dev [1] suggests that the problem is fixed by a commit [2] which is in 3.8.6, which happens to be the version currently used in Chrome OS.

[1] https://groups.google.com/forum/#!searchin/sqlite-dev/CVE-2015-3717/sqlite-dev/U7OjAbZO6LA/PyvQTdLmsVEJ
[2] https://www.sqlite.org/src/info/8e4ac2ce24415926
Jan 3 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by palmer@chromium.org, Sep 23 2017
Owner: mnissler@chromium.org