CVE-2020-11655

Priority
Description
SQLite through 3.31.1 allows attackers to cause a denial of service
(segmentation fault) via a malformed window-function query because the
AggInfo object's initialization is mishandled.
Assigned-to
mdeslaur
Notes
mdeslaurper upstream bug, introduced in 3.25
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):needs-triage
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Ubuntu 19.10 (Eoan Ermine):needs-triage
Ubuntu 20.04 LTS (Focal Fossa):needs-triage
Ubuntu 20.10 (Groovy Gorilla):needs-triage
Package
Upstream:released (3.31.1-5)
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (code not present)
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (code not present)
Ubuntu 19.10 (Eoan Ermine):released (3.29.0-2ubuntu0.3)
Ubuntu 20.04 LTS (Focal Fossa):released (3.31.1-4ubuntu0.1)
Ubuntu 20.10 (Groovy Gorilla):not-affected (3.31.1-5)
Patches:
Upstream:https://www.sqlite.org/cgi/src/info/712e47714863a8ed
Upstream:https://www.sqlite.org/cgi/src/info/4a302b42c7bf5e11
Upstream:https://www.sqlite.org/cgi/src/info/b64674919f673602
Upstream:https://github.com/sqlite/sqlite/commit/3251a2031bfd29f338a5fda1a08c18878296d354
Upstream:https://github.com/sqlite/sqlite/commit/c415d91007e1680e4eb17def583b202c3c83c718
Upstream:https://github.com/sqlite/sqlite/commit/4db7ab53f9c30e2e22731ace93ab6b18eef6c4ae
More Information

Updated: 2020-06-10 15:14:25 UTC (commit 132aa105d3f76f2ee46972c70ad8ceffbe859c66)