CVE-2015-7036
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
22/11/2015
Last modified:
12/04/2025
Description
The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API call with a crafted pointer value in the second argument.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* | 10.10.3 (including) | |
| cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* | 8.3 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://support.apple.com/kb/HT204941
- http://support.apple.com/kb/HT204942
- http://zerodayinitiative.com/advisories/ZDI-15-570/
- https://security.gentoo.org/glsa/201612-21
- http://support.apple.com/kb/HT204941
- http://support.apple.com/kb/HT204942
- http://zerodayinitiative.com/advisories/ZDI-15-570/
- https://security.gentoo.org/glsa/201612-21