CVE-2019-19880

Priority
Description
exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger
an invalid pointer dereference because constant integer values in ORDER BY
clauses of window definitions are mishandled.
Assigned-to
mdeslaur
Notes
mdeslaur: introduced in 3.29.0
see CVE-2019-19926 for incomplete fix for this CVE
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): not-affected
Ubuntu 14.04 ESM (Trusty Tahr): not-affected
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (3.11.0-1ubuntu1.3)
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (3.22.0-1ubuntu0.2)
Ubuntu 19.10 (Eoan Ermine): released (3.29.0-2ubuntu0.2)
Ubuntu 20.04 (Focal Fossa): not-affected (3.31.1-1ubuntu1)
Patches:
Upstream: https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54
More Information

Updated: 2020-03-18 22:54:29 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)