CVE-2015-6607 MEDIUM

Published: 2015-10-06 | Last Modified: 2026-05-06 | Status: Modified

Description

SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586.

Additional Descriptions (1)

SQLite en versiones anterioers a 3.8.9, tal como se utiliza en Android en versiones anteriores a 5.1.1 LMY48T, permite a atacantes obtener privilegios a través de una aplicación manipulada, también conocido como error interno 20099586.

CVSS Metrics

Base Score: 6.8 (MEDIUM)

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector	NETWORK
Access Complexity	MEDIUM
Authentication	NONE
Confidentiality Impact	PARTIAL
Integrity Impact	PARTIAL
Availability Impact	PARTIAL

Source: [email protected]

Type: Primary

Exploitability Score: 8.6

Impact Score: 6.4

Weaknesses

Source	Type	Description
[email protected]	Primary	en CWE-264

Affected Products

Vendor	Product	Version	Update	Type
sqlite	sqlite	*	<built-in method update of dict object at 0x7b06bedee300>	Application

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:sqlite:sqlite::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:o:google:android:5.1:::::::*`

References

http://www.securityfocus.com/bid/76970
Source: [email protected]
https://android-review.googlesource.com/#/c/145961/
Source: [email protected]

Vendor Advisory
https://groups.google.com/forum/message/raw?msg=android-security-updates/_Rm-lKnS2M8/dGTcilt0CAAJ
Source: [email protected]

Vendor Advisory
http://www.securityfocus.com/bid/76970
Source: af854a3a-2127-422b-91ae-364da2661108
https://android-review.googlesource.com/#/c/145961/
Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory
https://groups.google.com/forum/message/raw?msg=android-security-updates/_Rm-lKnS2M8/dGTcilt0CAAJ
Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory