Arbitrary Code Execution and Denial of Service Vulnerability in SQLite

Arbitrary Code Execution and Denial of Service Vulnerability in SQLite

CVE-2015-7036 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API call with a crafted pointer value in the second argument.

Learn more about our Cis Benchmark Audit For Apple Ios.