CVE-2015-3415: SQLite: Check-in [02e3c88f]

The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.

#sql #dos #perl

Context

2015-05-20
19:44 Ensure that comparison operators do not mess up the MEM_Dyn flag on registers when reverting affinity changes. Cherrypick of [02e3c88fbf6a]. (check-in: 4125477e user: dan tags: branch-3.8.6)

2015-03-31
13:46 Add the “mptest” target to Makefile.msc (check-in: 1e814e0b user: drh tags: trunk)
11:42 Ensure that comparison operators do not mess up the MEM_Dyn flag on registers when reverting affinity changes. (check-in: 02e3c88f user: drh tags: trunk)

2015-03-30
23:43 Prevent a possible infinite loop when trying to DROP a table from a corrupt database. (check-in: 395bb3e6 user: drh tags: trunk)

Changes

Modified src/vdbe.c from [bbfede5a] to [86ae6f47].

[bbfede5a] lines 1916-1934:

    applyNumericAffinity(pIn3,0);
  }
}else if( affinity==SQLITE\_AFF\_TEXT ){
  if( (pIn1->flags & MEM\_Str)==0 && (pIn1->flags & (MEM\_Int|MEM\_Real))!=0 ){
    testcase( pIn1->flags & MEM\_Int );
    testcase( pIn1->flags & MEM\_Real );
    sqlite3VdbeMemStringify(pIn1, encoding, 1);


  }
  if( (pIn3->flags & MEM\_Str)==0 && (pIn3->flags & (MEM\_Int|MEM\_Real))!=0 ){
    testcase( pIn3->flags & MEM\_Int );
    testcase( pIn3->flags & MEM\_Real );
    sqlite3VdbeMemStringify(pIn3, encoding, 1);


  }
}
assert( pOp->p4type==P4\_COLLSEQ || pOp->p4.pColl==0 );
if( pIn1->flags & MEM\_Zero ){
  sqlite3VdbeMemExpandBlob(pIn1);
  flags1 &= ~MEM\_Zero;
}

[86ae6f47] lines 1916-1938:

    applyNumericAffinity(pIn3,0);
  }
}else if( affinity==SQLITE\_AFF\_TEXT ){
  if( (pIn1->flags & MEM\_Str)==0 && (pIn1->flags & (MEM\_Int|MEM\_Real))!=0 ){
    testcase( pIn1->flags & MEM\_Int );
    testcase( pIn1->flags & MEM\_Real );
    sqlite3VdbeMemStringify(pIn1, encoding, 1);
    testcase( (flags1&MEM\_Dyn) != (pIn1->flags&MEM\_Dyn) );
    flags1 = (pIn1->flags & ~MEM\_TypeMask) | (flags1 & MEM\_TypeMask);      }
  if( (pIn3->flags & MEM\_Str)==0 && (pIn3->flags & (MEM\_Int|MEM\_Real))!=0 ){
    testcase( pIn3->flags & MEM\_Int );
    testcase( pIn3->flags & MEM\_Real );
    sqlite3VdbeMemStringify(pIn3, encoding, 1);
    testcase( (flags3&MEM\_Dyn) != (pIn3->flags&MEM\_Dyn) );
    flags3 = (pIn3->flags & ~MEM\_TypeMask) | (flags3 & MEM\_TypeMask);      }
}
assert( pOp->p4type==P4\_COLLSEQ || pOp->p4.pColl==0 );
if( pIn1->flags & MEM\_Zero ){
  sqlite3VdbeMemExpandBlob(pIn1);
  flags1 &= ~MEM\_Zero;
}
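Review bot: the two new `flags1 = (pIn1->flags & ~MEM_TypeMask) | (flags1 & MEM_TypeMask);` and `flags3 = ...` lines in the SQLITE_AFF_TEXT branch copy every non-type bit from the register as it is after sqlite3VdbeMemStringify(), not only the MEM_Dyn bit the check-in message names, so a one-line comment stating the rule (the saved copy must track the register's current ownership and lifetime bits while keeping only the original type bits for the later restore) would make that intent explicit. The numeric branch above (`applyNumericAffinity(pIn3,0)`) receives no equivalent adjustment; a short comment explaining why that conversion cannot change the non-type bits would show the asymmetry is deliberate. Also note that `testcase()` is a coverage marker, so the two added testcase lines document the Dyn-changed case without checking it; the checking happens only in the asserts added before the flag restore later in this opcode.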

[bbfede5a] lines 1957-1971:

}else{ VdbeBranchTaken(res!=0, (pOp->p5 & SQLITE_NULLEQ)?2:3); if( res ){ pc = pOp->p2-1; } } /* Undo any changes made by applyAffinity() to the input registers. */

pIn1->flags = flags1;

pIn3->flags = flags3; break; }

/* Opcode: Permutation * * * P4 * ** ** Set the permutation used by the OP_Compare operator to be the array

[86ae6f47] lines 1961-1977:

}else{ VdbeBranchTaken(res!=0, (pOp->p5 & SQLITE_NULLEQ)?2:3); if( res ){ pc = pOp->p2-1; } } /* Undo any changes made by applyAffinity() to the input registers. */ assert( (pIn1->flags & MEM_Dyn) == (flags1 & MEM_Dyn) ); pIn1->flags = flags1; assert( (pIn3->flags & MEM_Dyn) == (flags3 & MEM_Dyn) ); pIn3->flags = flags3; break; }

/* Opcode: Permutation * * * P4 * ** ** Set the permutation used by the OP_Compare operator to be the array
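Review bot: the comment `/* Undo any changes made by applyAffinity() to the input registers. */` directly above the restore is now inaccurate: because flags1 and flags3 are refreshed with the post-affinity MEM_Dyn state in the text-affinity branch, `pIn1->flags = flags1;` and `pIn3->flags = flags3;` undo only the type-bit changes, and the comment should say so. The two new `assert( (pIn1->flags & MEM_Dyn) == (flags1 & MEM_Dyn) );` / `assert( (pIn3->flags & MEM_Dyn) == (flags3 & MEM_Dyn) );` lines compile out in NDEBUG builds, so in release the restore still depends entirely on the flags merge done earlier; that is acceptable for a debug-only invariant check, but worth stating in the comment so the asserts are not read as runtime protection against a stale MEM_Dyn bit.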
