var-201511-0044
Vulnerability from variot
The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API call with a crafted pointer value in the second argument. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SQLite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of the fts3_tokenizer function. The issue lies in the optional second argument which is expected to be a pointer into a structure. An attacker can leverage this vulnerability to achieve code execution under the context of the current process. Both Apple iOS and OS X are operating systems of Apple Inc. in the United States. Apple iOS was developed for mobile devices; OS X was developed for Mac computers. SQLite is an open source embedded relational database management system based on C language developed by American software developer D.Richard Hipp. A security vulnerability exists in the 'fts3_tokenizer' function in SQLite used in Apple iOS versions prior to 8.4 and OS X versions prior to 10.10.4.
Gentoo Linux Security Advisory GLSA 201612-21
https://security.gentoo.org/
Severity: Normal Title: SQLite: Multiple vulnerabilities Date: December 08, 2016 Bugs: #549258, #574420 ID: 201612-21
Synopsis
Multiple vulnerabilities were found in SQLite, the worst of which may allow execution of arbitrary code.
Background
SQLite is a C library that implements an SQL database engine.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-db/sqlite < 3.11.1 >= 3.11.1
Description
Multiple vulnerabilities have been discovered in SQLite. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All sqlite users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-db/sqlite-3.11.1"
References
[ 1 ] CVE-2015-7036 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7036 [ 2 ] Two invalid read errors / heap overflows in SQLite (TFPA 006/2015) http://blog.fuzzing-project.org/10-Two-invalid-read-errors-heap-ove= rflows-in-SQLite-TFPA-0062015.html
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201612-21
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201511-0044",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.10.3"
},
{
"model": "iphone os",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "8.3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.10 to 10.10.3"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "8.4 (ipad 2 or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "8.4 (iphone 4s or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "8.4 (ipod touch first 5 after generation )"
},
{
"model": "sqlite",
"scope": null,
"trust": 0.7,
"vendor": "sqlite",
"version": null
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.10.3"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "8.3"
},
{
"model": "sqlite",
"scope": "eq",
"trust": 0.3,
"vendor": "sqlite",
"version": "0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.4"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-570"
},
{
"db": "BID",
"id": "77646"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006000"
},
{
"db": "NVD",
"id": "CVE-2015-7036"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-341"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.10.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.3",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7036"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Peter Rutenbar",
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-570"
},
{
"db": "BID",
"id": "77646"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-341"
}
],
"trust": 1.6
},
"cve": "CVE-2015-7036",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-7036",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 1.6,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-84997",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-7036",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2015-7036",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201511-341",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-84997",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2015-7036",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-570"
},
{
"db": "VULHUB",
"id": "VHN-84997"
},
{
"db": "VULMON",
"id": "CVE-2015-7036"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006000"
},
{
"db": "NVD",
"id": "CVE-2015-7036"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-341"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API call with a crafted pointer value in the second argument. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SQLite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of the fts3_tokenizer function. The issue lies in the optional second argument which is expected to be a pointer into a structure. An attacker can leverage this vulnerability to achieve code execution under the context of the current process. Both Apple iOS and OS X are operating systems of Apple Inc. in the United States. Apple iOS was developed for mobile devices; OS X was developed for Mac computers. SQLite is an open source embedded relational database management system based on C language developed by American software developer D.Richard Hipp. A security vulnerability exists in the \u0027fts3_tokenizer\u0027 function in SQLite used in Apple iOS versions prior to 8.4 and OS X versions prior to 10.10.4. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201612-21\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: SQLite: Multiple vulnerabilities\n Date: December 08, 2016\n Bugs: #549258, #574420\n ID: 201612-21\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities were found in SQLite, the worst of which may\nallow execution of arbitrary code. \n\nBackground\n==========\n\nSQLite is a C library that implements an SQL database engine. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-db/sqlite \u003c 3.11.1 \u003e= 3.11.1\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in SQLite. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll sqlite users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-db/sqlite-3.11.1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2015-7036\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7036\n[ 2 ] Two invalid read errors / heap overflows in SQLite (TFPA 006/2015)\n http://blog.fuzzing-project.org/10-Two-invalid-read-errors-heap-ove=\nrflows-in-SQLite-TFPA-0062015.html\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201612-21\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7036"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006000"
},
{
"db": "ZDI",
"id": "ZDI-15-570"
},
{
"db": "BID",
"id": "77646"
},
{
"db": "VULHUB",
"id": "VHN-84997"
},
{
"db": "VULMON",
"id": "CVE-2015-7036"
},
{
"db": "PACKETSTORM",
"id": "140086"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-7036",
"trust": 3.7
},
{
"db": "ZDI",
"id": "ZDI-15-570",
"trust": 2.8
},
{
"db": "BID",
"id": "77646",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006000",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2888",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201511-341",
"trust": 0.7
},
{
"db": "SEEBUG",
"id": "SSVID-89914",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-84997",
"trust": 0.1
},
{
"db": "TENABLE",
"id": "TNS-2016-13",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-7036",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "140086",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-570"
},
{
"db": "VULHUB",
"id": "VHN-84997"
},
{
"db": "VULMON",
"id": "CVE-2015-7036"
},
{
"db": "BID",
"id": "77646"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006000"
},
{
"db": "PACKETSTORM",
"id": "140086"
},
{
"db": "NVD",
"id": "CVE-2015-7036"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-341"
}
]
},
"id": "VAR-201511-0044",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-84997"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:44:18.743000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT204942",
"trust": 1.5,
"url": "https://support.apple.com/en-us/ht204942"
},
{
"title": "Apple security updates",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht201222"
},
{
"title": "APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00002.html"
},
{
"title": "APPLE-SA-2015-06-30-1 iOS 8.4",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00001.html"
},
{
"title": "HT204941",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht204941"
},
{
"title": "HT204942",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/ht204942"
},
{
"title": "HT204941",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/ht204941"
},
{
"title": "Apple iOS and OS X SQLite Fixes for remote code execution vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=58814"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2019/08/10/memory_corruption_sqlite/"
},
{
"title": "Red Hat: CVE-2015-7036",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-7036"
},
{
"title": "Tenable Security Advisories: [R3] PVS 5.1.0 Fixes Multiple Third-party Library Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-13"
},
{
"title": "Apple: OS X Yosemite v10.10.4 and Security Update 2015-005",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=50398602701d671602946005c7864211"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-570"
},
{
"db": "VULMON",
"id": "CVE-2015-7036"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006000"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-341"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84997"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006000"
},
{
"db": "NVD",
"id": "CVE-2015-7036"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://support.apple.com/kb/ht204941"
},
{
"trust": 1.8,
"url": "http://support.apple.com/kb/ht204942"
},
{
"trust": 1.8,
"url": "http://zerodayinitiative.com/advisories/zdi-15-570/"
},
{
"trust": 1.3,
"url": "https://security.gentoo.org/glsa/201612-21"
},
{
"trust": 1.0,
"url": "https://support.apple.com/en-us/ht204942"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7036"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7036"
},
{
"trust": 0.7,
"url": "http://www.securityfocus.com/bid/77646"
},
{
"trust": 0.3,
"url": "https://www.sqlite.org/"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-570/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-7036"
},
{
"trust": 0.1,
"url": "https://www.tenable.com/security/tns-2016-13"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://blog.fuzzing-project.org/10-two-invalid-read-errors-heap-ove="
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-570"
},
{
"db": "VULHUB",
"id": "VHN-84997"
},
{
"db": "VULMON",
"id": "CVE-2015-7036"
},
{
"db": "BID",
"id": "77646"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006000"
},
{
"db": "PACKETSTORM",
"id": "140086"
},
{
"db": "NVD",
"id": "CVE-2015-7036"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-341"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-15-570"
},
{
"db": "VULHUB",
"id": "VHN-84997"
},
{
"db": "VULMON",
"id": "CVE-2015-7036"
},
{
"db": "BID",
"id": "77646"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006000"
},
{
"db": "PACKETSTORM",
"id": "140086"
},
{
"db": "NVD",
"id": "CVE-2015-7036"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-341"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-18T00:00:00",
"db": "ZDI",
"id": "ZDI-15-570"
},
{
"date": "2015-11-22T00:00:00",
"db": "VULHUB",
"id": "VHN-84997"
},
{
"date": "2015-11-22T00:00:00",
"db": "VULMON",
"id": "CVE-2015-7036"
},
{
"date": "2015-11-18T00:00:00",
"db": "BID",
"id": "77646"
},
{
"date": "2015-11-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006000"
},
{
"date": "2016-12-08T23:46:27",
"db": "PACKETSTORM",
"id": "140086"
},
{
"date": "2015-11-22T03:59:02.953000",
"db": "NVD",
"id": "CVE-2015-7036"
},
{
"date": "2015-11-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-341"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-18T00:00:00",
"db": "ZDI",
"id": "ZDI-15-570"
},
{
"date": "2017-07-01T00:00:00",
"db": "VULHUB",
"id": "VHN-84997"
},
{
"date": "2017-07-01T00:00:00",
"db": "VULMON",
"id": "CVE-2015-7036"
},
{
"date": "2015-11-18T00:00:00",
"db": "BID",
"id": "77646"
},
{
"date": "2015-11-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006000"
},
{
"date": "2017-07-01T01:29:20.263000",
"db": "NVD",
"id": "CVE-2015-7036"
},
{
"date": "2015-11-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-341"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201511-341"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple iOS and Apple OS X Used in SQLite of fts3_tokenizer Vulnerability in arbitrary code execution in function",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006000"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201511-341"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.