Strix
26.1K

CVE-2015-7036

UnknownEPSS 39.29%

Last modified

CVE-2015-7036 is a vulnerability of currently unknown severity. The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API call with a crafted pointer value in the second argument.. EPSS estimates a 39.29% chance of exploitation in the next 30 days.

Description

The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API call with a crafted pointer value in the second argument.

Metrics

EPSS Probability
39.29%

98.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
AppleMac Os X<= 10.10.3
AppleIphone Os<= 8.3

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2015-7036?
The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API call with a crafted pointer value in the second argument.
How severe is CVE-2015-7036?
Severity scoring for CVE-2015-7036 is pending analysis. The EPSS model estimates a 39.29% probability of exploitation in the next 30 days.
How do I fix CVE-2015-7036?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2015-7036?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST