{
  "threat_severity" : "Moderate",
  "public_date" : "2015-11-23T00:00:00Z",
  "bugzilla" : {
    "description" : "sqlite: arbitrary code execution on databases with malformed schema",
    "id" : "1305820",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1305820"
  },
  "cvss" : {
    "cvss_base_score" : "5.1",
    "cvss_scoring_vector" : "AV:N/AC:H/Au:N/C:P/I:P/A:P",
    "status" : "draft"
  },
  "details" : [ "The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API call with a crafted pointer value in the second argument." ],
  "statement" : "This issue did not affect the versions of sqlite as shipped with Red Hat Enterprise Linux 5 and 6.\nRed Hat Product Security has rated this issue as having Moderate security impact. There are currently no plans to address this issue in future updates of Red Hat Enterprise Linux 7. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "sqlite",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "sqlite",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Will not fix",
    "package_name" : "sqlite",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2015-7036\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7036\nhttp://zerodayinitiative.com/advisories/ZDI-15-570/" ],
  "name" : "CVE-2015-7036",
  "csaw" : false
}