ericsink / SQLitePCL.raw

A Portable Class Library (PCL) for low-level (raw) access to SQLite
Apache License 2.0

vulnerability Questions #432

Closed Yutolivo closed 2 years ago

Yutolivo commented 2 years ago

My company's tool reports a vulnerability: Filename: e_sqlite3.dll | Reference: CVE-2015-5895 | CVSS Score: 10.0 | Category: NVD-CWE-noinfo | Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown impact and attack vectors.

The package reference tree looks like this:

Project
--xxx.Database
--Microsoft.Data.Sqlite (5.0.5)
--SQLitePCLRaw.bundle_e_sqlite3 (2.0.4)
--SQLitePCLRaw.lib.e_sqlite3 (2.0.4)

The finding says there are unspecified vulnerabilities in SQLite before 3.8.10.2, but our project references Microsoft.Data.Sqlite (5.0.5). I really cannot find out which SQLite version e_sqlite3.dll is using, so can I consider this vulnerability misinformation because 5.0.5 > 3.8.10.2?

If not, do you have any ideas about how to resolve these vulnerabilities?

ericsink commented 2 years ago

The e_sqlite3.dll in 2.0.4 is based on SQLite 3.33.0, much newer than 3.8.10.2.
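The reporter could not find the SQLite version inside e_sqlite3.dll; the loaded engine can be asked directly, which also shows whether a scanner finding is a version match or only a filename match. The following is an added example, not code from this thread or from the SQLitePCL.raw project; it assumes a .NET project that references Microsoft.Data.Sqlite with the e_sqlite3 bundle (as in the reporter's tree), and that `raw.sqlite3_libversion()` / `raw.sqlite3_libversion_number()` are available as in the 2.x API.

```csharp
// Added example: report the SQLite engine actually loaded from e_sqlite3.dll
// and compare it with the version threshold named in the scanner report.
using System;
using Microsoft.Data.Sqlite;

static class SqliteVersionCheck
{
    // SQLITE_VERSION_NUMBER packs X.Y.Z as X*1000000 + Y*1000 + Z; the fourth
    // component of a version such as 3.8.10.2 is not part of the number.
    public static int VersionNumber(int major, int minor, int release) =>
        major * 1_000_000 + minor * 1_000 + release;

    // True when the loaded engine is older than the version the scanner names.
    public static bool IsBelowThreshold(int loaded, int threshold) => loaded < threshold;

    // Ask the native library itself through the SQLitePCL.raw API (assumed 2.x names).
    public static (string Text, int Number) NativeVersion()
    {
        SQLitePCL.Batteries_V2.Init();   // loads e_sqlite3 for the bundle in use
        return (SQLitePCL.raw.sqlite3_libversion().utf8_to_string(),
                SQLitePCL.raw.sqlite3_libversion_number());
    }

    // Same answer via Microsoft.Data.Sqlite, using SQL instead of the raw API.
    public static string SqlVersion()
    {
        using var conn = new SqliteConnection("Data Source=:memory:");
        conn.Open();
        using var cmd = conn.CreateCommand();
        cmd.CommandText = "SELECT sqlite_version();";
        return (string)cmd.ExecuteScalar();
    }

    public static void Main()
    {
        var (text, number) = NativeVersion();
        Console.WriteLine($"e_sqlite3 reports SQLite {text} ({number}); SQL says {SqlVersion()}");

        // Threshold taken from the scanner report: SQLite before 3.8.10.2.
        int threshold = VersionNumber(3, 8, 10);
        Console.WriteLine(IsBelowThreshold(number, threshold)
            ? "Loaded engine is older than 3.8.10: the finding may apply."
            : "Loaded engine is newer than 3.8.10: the finding matched the filename, not the version.");
    }
}
```

The bundle version 2.0.4 discussed above should print 3.33.0 (number 3033000), so the comparison lands on the second branch.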