F5 Networks BIG-IP : SQLite vulnerability (K16950)
High Nessus Plugin ID 91507
Synopsis
The remote device is missing a vendor-supplied security patch.

Description
The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement. (CVE-2015-3416)

Solution
Upgrade to one of the non-vulnerable versions listed in the F5 Solution K16950.