CVE-2015-3717

Name: CVE-2015-3717
Description: Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Notes

NOT-FOR-US: sqlite as shipped in iOS
Fix for sqlite in iOS; upstream doesn't know whether it affects the standard
code base, but Apple would probably have submitted a patch if that were the case.
sqlite-dev thread: https://groups.google.com/forum/#!topic/sqlite-dev/U7OjAbZO6LA
