exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.
Weakness
The product dereferences a pointer that it expects to be valid but is NULL.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Sqlite | Sqlite | 3.30.1 (including) | 3.30.1 (including) |
| Red Hat Enterprise Linux 6 Supplementary | RedHat | chromium-browser-0:80.0.3987.87-1.el6_10 | * |
| Sqlite3 | Ubuntu | disco | * |
| Sqlite3 | Ubuntu | eoan | * |
| Sqlite3 | Ubuntu | trusty | * |
Potential Mitigations
References
- http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html
- https://access.redhat.com/errata/RHSA-2020:0514
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
- https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54
- https://security.netapp.com/advisory/ntap-20200114-0001/
- https://usn.ubuntu.com/4298-1/
- https://www.debian.org/security/2020/dsa-4638
- https://www.oracle.com/security-alerts/cpuapr2020.html
- http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html
- https://access.redhat.com/errata/RHSA-2020:0514
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
- https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54
- https://security.netapp.com/advisory/ntap-20200114-0001/
- https://usn.ubuntu.com/4298-1/
- https://www.debian.org/security/2020/dsa-4638
- https://www.oracle.com/security-alerts/cpuapr2020.html