SQLite Denial of Service Vulnerability via Crafted COLLATE Clause

CVE-2015-3414 · HIGH Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.
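A defender-side check for the condition described above, as an added example that is not part of the advisory or of SQLite itself: it flags SQLite versions before 3.8.9 and screens logged SQL text for the quote-only COLLATE form shown in the description. The function names, the regular expression and the sample data are assumptions made for illustration; the pattern is a heuristic that covers only the demonstrated form.

```python
import re
import sqlite3

FIXED = (3, 8, 9)  # first release the advisory lists as not affected

def parse_version(text):
    """Turn '3.8.8.3' into (3, 8, 8, 3); reject anything else."""
    text = text.strip()
    if not re.fullmatch(r"\d+(?:\.\d+){1,3}", text):
        raise ValueError(f"not a SQLite version string: {text!r}")
    return tuple(int(part) for part in text.split("."))

def is_affected(version_text):
    """True when the version is before 3.8.9 (fourth component ignored)."""
    return parse_version(version_text)[:3] < FIXED

# Assumed heuristic: COLLATE followed by a token made only of double quotes,
# the form the advisory demonstrates. A normal quoted name such as
# COLLATE "nocase" has a single opening quote and does not match.
QUOTE_ONLY_COLLATE = re.compile(r'\bCOLLATE\s*"{2,}(?![\w"])', re.IGNORECASE)

def flag_statements(statements):
    """Return the statements whose COLLATE clause names only quote characters."""
    return [s for s in statements if QUOTE_ONLY_COLLATE.search(s)]

def runtime_report():
    """Report the SQLite library this Python process is linked against."""
    version = sqlite3.sqlite_version
    return {"version": version, "affected": is_affected(version)}

# Constructed sample: inventory versions and logged SQL text (never executed).
SAMPLE_VERSIONS = ["3.8.8.3", "3.8.9", "3.7.17", "3.45.1"]
SAMPLE_LOG = [
    'SELECT name FROM users ORDER BY name COLLATE "nocase"',
    'SELECT name FROM users ORDER BY name COLLATE NOCASE',
    'SELECT name FROM users ORDER BY name COLLATE""""""""',
    'SELECT name FROM users ORDER BY name collate  """"',
]

if __name__ == "__main__":
    for v in SAMPLE_VERSIONS:
        print(v, "affected" if is_affected(v) else "ok")
    for stmt in flag_statements(SAMPLE_LOG):
        print("review:", stmt)
    print(runtime_report())
```

The version check covers the library a process is actually linked against, which can differ from the system package when SQLite is bundled or statically linked.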